We're looking for an Application Security Product Analyst to join our Product team and spread our power. In this pivotal role, you will be the primary operator of our cutting-edge AI-driven Dynamic Application Security Testing (DAST) agent. You will bridge the gap between automated AI testing and security policy, defining the "rules of engagement" for our agents and ensuring they effectively simulate sophisticated attacks while maintaining operational safety.
WHAT YOU'LL DO
Oversee the daily deployment, health, and operation of DAST and penetration testing capabilities to ensure optimal scanning across diverse customer environments.
Develop and maintain attack policies and rules by creating and fine-tuning the logic that defines how the system identifies, prioritizes, and exploits vulnerabilities.
Analyze and validate findings by reviewing complex attack paths to reduce false positives and improve the core logic's performance.
Research novel attack vectors and emerging web/API threats to translate new techniques into executable behaviors for the DAST engine.
Collaborate on product evolution with R&D and Product teams, using operational insights to drive feature requests and continuous improvement.
Requirements:
Over 2 years of DAST and penetration testing expertise, including hands-on experience in application security or operating enterprise tools like Burp Suite, OWASP ZAP, or Acunetix.
Proven ability in security rule and policy development, specifically in writing custom scripts or signatures to translate vulnerability classes into detection rules.
Technical proficiency in web protocols and API standards, with a strong command of HTTP/S, REST, GraphQL, and authentication mechanisms like OAuth and SAML.
Proficiency in scripting languages such as Python, Go, or JavaScript to automate tasks and interact with the codebase.
An analytical mindset with the ability to diagnose complex logs and scans to distinguish between tool failures, configuration issues, and valid security findings.
BONUS POINTS
Knowledge of AI/ML and how LLMs or reinforcement learning agents operate within a cybersecurity context.
SaaS and cloud experience with familiarity in AWS, Azure, or GCP environments and modern cloud-native architectures.
A red teaming background with experience in simulated adversarial attacks and bypassing standard WAF or security controls.
This position is open to all candidates.




















