Mend is passionate about safeguarding the applications that power our digital world. We are a fast-growing company with a vision for building next-level application security that developers and security teams both love to use. We have offices in Boston and Tel-Aviv as well as a global workforce of remote workers.
Our culture is open, inclusive, and engaging, and we work hard to foster a company where everyone feels valued.
Mend is a company that lives by its values:
- We are passionate about excellence
- We see the world from the customer’s perspective
- We are better together
We are seeking a brilliant and independent Application Security Engineer to join our team.
This position is a one-of-a-kind opportunity to join a unique team responsible to create the next generation of security detection and remediation platform. You will make a remarkable impact on WhiteSource and on the entire security application industry.
We are looking for security application enthusiasts. If you are up for the challenge, come and join us!
We are expanding our portfolio of products, by starting the development of a new, State-Of-The-Art, cloud-based solution in the field of application security via static application security testing (SAST).
- Performing security source code analysis.
- Analyze application vulnerabilities and provide mitigation strategies.
- Researching and designing scanning rules while working closely with a development team for SAST
- Analyzing different programming frameworks in different programming languages for potential sources and sinks for SAST.
- Handle complex cases escalated from other teams.
- Cooperate with vendors in the community to uncover and fix flaws in software projects.
- Developing and improving WhiteSource SAST for various programming languages.
- At least 3 years of experience in application security or security research, including the understanding of application security attacks, vulnerabilities, and mitigations- Must!
- Understanding at least 2-3 of the following programming languages -Java, C#, Go, JS, Python, PHP, Ruby, etc- Must!
- Language agnostic approach to vulnerability identification in the source code (ability to read multiple programming languages source code and identify vulnerable parts).
- Knowledge of common Web Application security vulnerabilities (OWASP TOP10, SANS 25, etc.)
- Experience with static code analysis (fuzzing tools are a plus, but not necessary ).
- Excellent English – written and verbal.
- Independence and can-do attitude, ambitious with a high work ethic.
- Excellent interpersonal and communication skills.
- BSc or BA in Computer Science or a similar degree.
- Experience working with development teams.
- Experience with bug bounty research or published advisories or exploits for discovered 0day vulnerabilities in applications.
- Knowledge of PERL scripting languages or the desire to acquire this experience.
- Regular Expressions knowledge, or the desire to acquire experience with RegEx.