Security Research Engineer

Security | Minsk | Vilnius | Amsterdam

Primary Responsibilities

  • Knows the field in great depth, has spoken at conferences, meetups, and written papers on various products/topics/technologies in Cloud Security, you will play an integral part to the continuous development of this ever-growing tech-focused and security first company.
  • You will consider future and emerging security technologies, risks, and attacks against items such as A.I. and M.L.
  • Extensive experience as a Cloud Security Researcher
  • Experience with any of the major Cloud Providers (AWS)
  • A strong understanding of DevSecOps (Docker, Kubernetes, Jenkins, etc)
  • A strong understanding of Software Development (a background with any OO language will be considered)
  • An active member of the Tech community from a Cloud Security perspective
  • Pioneer new research into cloud security, DevSecOps, security automation, asset discovery, and related topics. We expect that this will comprise at least 50% of the role, and underpin several of the other activities.
  • Share your research output publicly through blog posts, conference talks, and other channels. Leading our security comms strategy and internal staff training covering all levels. 
  • Continuously monitor major cloud technology stacks as the Flo Health subject matter expert and understand their security implications from an offensive and defensive perspective.
  •  Liaise closely with customers who are performing security automation at scale, to understand their use cases, functional requirements, deployment modes, and likely future trends.
  •  Collaborate with our software development teams who are working on cloud-based usage and SaaS, to help shape product strategy, functional requirements, and implementation alternatives.
  • Be involved in relationships with key strategic partners, including public cloud providers and large-scale consumers of cloud services.
  • Deliver internal training to software engineers, product managers, customer support agents, and others.
  • Experience of software development and working knowledge of programming and scripting languages.
  • Experience of working in or alongside agile development teams.
  • Excellent knowledge of modern web technologies covering the whole stack including network protocols and architecture, server-side application platforms, microservices, and storage technologies. 

Required Skills & Abilities

  • Deep expertise in web security vulnerability discovery, detection, and exploitation techniques
  • Performed pioneering research into new vulnerability classes and new takes on old bugs, including web cache poisoning, server-side template injection, HTTP request smuggling, CORS misconfigurations, and general OWASP security risks.
  • Represent Flo Health at industry events
  • You've got a proven track record of high-quality evidence-based research output on topics related to cloud security, security automation, or security within the SDLC. You may have shared your work through conference talks, blog posts, open-source code, or training courses.
  • English (B2+)
  • Excellent written and verbal communication skills
  • Ability to build solid relationships with surrounding teams
  • Must be able to use Jira and Confluence

Preferred skills

  • Applicable Security degree
  • DevSecOps
  • Public speaking