Agile Security Specialist (APPSEC / CODE HEAVY)

Curious and eager to learn, people work together at Securify to share their passions: application security, hacking and security research - with enthusiasm.

We are out-of-the-box thinkers and see possibilities for an attack where others would drop out. We never stop learning, and stay cutting-edge by continuously sharing knowledge amongst each other, experimenting with new techniques, and conducting our own security research projects.

From our office in Amsterdam we work collaboratively as a team. This way, we can reinforce each other and find a solution together whenever someone gets stuck on something challenging. This is exactly the power of Securify - when combined, we possess all the necessary knowledge and skill to make the impossible possible - while often surprising our clients with the most (if we may say so ourselves) brilliant findings!

If this sounds appealing to you too, and you see yourself working in a vibrant start-up environment where everyone is working side by side on extremely cool things and creating something big, then we would certainly like to meet you!

THE SECURIFY MATCH
There is no catch-all diploma or certification for creative thinkers with a strong hacker mind-set. Our team, therefore, consists of players with different backgrounds. Software development, electronics, informatics, graphic design, mathematics, and even psychology. Oftentimes, it’s people who have immersed themselves into (software) security out of their intrinsic drive and passion!

At Securify we are fully focused on application / software security. In our view, this is by far the most important part of cyber security! It encompasses our most personal information, and the totality of most business operations. We even entrust software with our health and lives. It is everywhere, impossible to ignore, and growing at unprecedented speed. It is our mission to help companies build and use software in a responsible and safe way, put an end to the stream of large data leaks and incidents, and create a safer digital future! We need a bunch of passionate heroes for that!

Investigating the security of applications happens from the outside (hacking) but also from the inside - the source code. In here all details and secrets are awaiting you to really dive into the security core!

Because of this, it is important that you are at least comfortable with reading source code - or even better still - have programmed in the past (as a job or from your own interest or hobby). Some examples of profiles that fit perfectly within our team:

• Security-minded software developers who want to fully specialize in security.
• You have completed your studies in software development or IT and are strongly interested in security / hacking.
• You already work as an ethical hacker but would like to work within our team to get even better.
• Security-minded software testers / IT engineers who are comfortable with reading source code.

In short, if you are an experienced developer or security specialist, or are a talent yearning to learn more and wants to fully specialize with us through a paid traineeship, then we would like to meet you!

YOUR PRIMARY ACTIVITIES
You will be involved in performing security assessments (hack tests and code reviews) on mostly web and mobile applications. In many cases we also have access to the source code during our research in order to get a better view of the internal workings of an application and potential security problems. During your research you will work actively with your colleagues and you will regularly contact clients to report on the progress or escalation of critical findings.

Once you are completely up to speed, you will coordinate projects independently from beginning to end. This includes the intake, in which you discuss the wishes and correct approach with the customer and also the findings meeting where you explain and demonstrate your findings.

RESEARCH TIME!
Increasing our knowledge is paramount to staying ahead. Of course, you will gain a lot of new experience from your research, but we also spend a lot of time actively building our knowledge. You will, for example, work on internal (security) research projects, participate in CTFs, work on new tools, attend conferences and (give) internal presentations in which you or your colleagues demonstrate their research or spectacular findings of the week.

To give an impression of our vulnerability research projects - our team already discovered critical zero-day bugs in products such as: Microsoft, Adobe, Apple, Cisco, WD, Oracle, Citrix, Apache, Amazon, Seagate, Viber, Pinterest and Dell. All leaks were reported and dealt with in a responsible manner in cooperation with these organizations. In this way we contribute to the better protection of the millions of application users worldwide.

JOB REQUIREMENTS

REQUIRED

• Creativity, hacker mind-set.
• Drive and passion for software/application security.
• Experience in software development or at least being comfortable reading code.
• Education level equal to University of Applied Sciences or University level through work or study.
• Proficient verbal and written communication in English.

PREFERRED

• Professional software development background.
• Experience in performing security testing.
• Experience in performing security code reviews.
• Knowledge about web application security (OWASP).
• Knowledge about mobile security (iOS, Android).
• Research/vulnerability track record (bug bounties, CTFs and so on).
• Being active in the software security community.

WHAT DOES SECURIFY OFFER YOU?

• A proper salary based on your experience.
• Extensive possibilities for professional and personal development.
• Comprehensive possibilities to attend trainings or courses.
• Being able to work from home.
• Flexible working hours.
• Paid-for traineeship (for junior-level).
• Being part of a young and fast-growing company.
• Pension, lunch, and a travel allowance for public transport.
• Working on challenging and innovative projects for leading organizations.
• Possibility to do your own security research.
• A combination of software development and security testing.
• Macbook, reMarkable.
• And of course we are more than willing to have a chat with you concerning other items important to you.