Details of the offer for Web App Research Engineer (Paris, Remote) M/W about r-d at Tenable in Columbia

Your Role

Tenable is looking for a Research Engineer to join our Web App Scanning Content team. This position will involve researching existing web application vulnerabilities, looking for new vulnerabilities and developing plugins for Web Application Scanning to detect these vulnerabilities.


Your Opportunity

  • Perform original research by looking for vulnerabilities in web applications popular with our customers, coordinating disclosures and developing plugins to detect these new vulnerabilities
  • Research newly published vulnerabilities and security advisories in order to determine safe and reliable methods of detection and exploitation
  • Develop plugins for Web Application Scanning based on research findings and security advisories
  • Research, develop and improve methods of detection for currently unsupported web applications


What you'll need

  • In depth understanding of web application security vulnerabilities, detection and exploitation techniques
  • Strong experience with web applications assessment like pentest, bug bounty or CTF
  • Robust programming skills in Ruby or Python
  • Ability to self-educate and keep up to date with current security trends and exploitation methods
  • Ability to operate independently with little supervision as well as collaborate and work with others
  • Robust problem-solving skills, the ability to learn from doing, personal accountability and a positive and professional attitude
  • Strong attention to detail and able to frequently shift priorities as needed
  • Good written and verbal communication skills


And ideally

  • B.S. degree in Computer Science or a related field
  • 2+ years of development experience
  • Experience working with CVSS scoring, OWASP Top 10, CVE and other vulnerability taxonomy/classification systems
  • Experience with web application security tools such as Burp Suite, Arachni, sqlmap, w3af and others
  • Experience with systems administration and be comfortable working at the command line