Note: The job is a remote job and is open to candidates in USA. Parallels is seeking a highly motivated and talented Application Security Engineer to join our team. In this role, you will make security decisions that impact millions of our customers while gaining hands-on experience in exploit development and CVE discovery.
Responsibilities
- Reproduce and triage incoming vulnerabilities from security automation/bug bounty programs, then propose granular fixes to engineers
- Discover vulnerabilities and construct exploits for core Parallels applications such as Parallels Remote Application Server
- Assist in the CVE disclosure process
- Provide threat models and design reviews for teams throughout the company
- Assist in tuning existing static analysis, dynamic analysis, and dependency management tools
Skills
- An attacker mindset: engineers will often want proof before fixes are implemented
- Eagerness to learn – you are not expected to know everything coming in, but you should continuously learn new techniques on the job
- The ability to communicate clearly, acknowledge mistakes, and disagree when necessary
- Demonstrable passion for offensive security
- Experience reading, writing and debugging C++ and Python code
- Basic experience with memory exploitation techniques
- Demonstrable experience with web exploitation techniques and tools (e.g. PortSwigger lab scoreboards)
- Excellent written and oral communication skills
- BSc/MS in computer science or a related field
- Previous CVEs in desktop applications
- Proficiency with reverse engineering tools
- Significant experience in memory exploitation techniques (e.g. gaining code execution from memory vulnerabilities in modern operating systems)
- Familiarity with cloud security best practices
- 3+ years of industry experience
- OSCP/OSWE/OSED/RET2 certification
Benefits
- We want you to feel safe being who you are, taking risks, and showing us what you've got.
- At Parallels, we're serious about empowering people to work when, how, and where they want. Couch? Sweatpants? Cool with us.
Company Overview