Application Security Analyst

YesWeHack we’re on a mission - to make the world a safer place by stopping cyber-attack breaches through our global Ethical Hackers’ Network.

Founded in 2015, YesWeHack is Europe #1 bug bounty platform, with offices in Paris, Singapore, Switzerland, Germany. We provide a disruptive approach to Cyber Security through Bug Bounty programs, by connecting more than 130,000+ Ethical Hackers worldwide with organisations to secure their exposed scopes the agile way.

Job description

At YesWeHack, we are expanding our APAC team with dynamic and skilled professionals and are currently on the lookout for an Application Security Analyst (Full remote). In this role, you will be pivotal in handling vulnerability reports from our ethical hacking community. You’ll engage in thorough analysis, triage, and offer expert guidance to our clients on understanding, assessing, and remedying these vulnerabilities. Additionally, you will contribute to the creation and enhancement of internal tools, aiding both our team and the hacker community.

Key Responsibilities

As an Application Security Analyst you will participate in the qualification of vulnerability reports submitted by our community of ethical hackers, to its analysis and to support our clients in the assessment vulnerabilities in order to better understand the impacts and possible solutions. You will also participate in creating internal tools, as well as their maintenance and evolution for the benefit of our hackers’ community (https://yeswehack.github.io/)

Your main tasks will be as follows:

• Review, reproduce, and evaluate security vulnerabilities.
• Educated, explain, and provide insightful remediation advice to clients, enhancing their security posture.
• Facilitate effective communication with our ethical hacker community.
• Collaborate closely with the Customer Success Manager (CSM) department.
• Innovate and develop security tools for internal and community use.

Skillset

• Ability to find and reproduce web application vulnerabilities.
• Security fundamentals such as the Top 10 OWASP
• Specific penetration tools such as Burp Suite, SQLMap, fuzzers, etc.
• Python, Go, or Javascript expertise
• Fluent English (spoken/written)

Work schedule: 5 days a week but working during the weekend.

Profile

• Passionate about cybersecurity, eager to apply your knowledge
• Hands-on experience, including participation in CTFs and Infosec platforms.
• Rigorous, adhering to best security practices.
• Team player with excellent interpersonal skills, ready to make a significant impact