IDR, Inc. is seeking an Application Security Engineer to join one of their top clients for a remote opportunity. The role involves managing security findings, analyzing vulnerabilities, and collaborating with engineering teams to implement remediation strategies within a global security support team.
Responsibilities:
- Joins the Global Security Support Center (GSSC) Application Security team and manages security vulnerabilities reported by customers and penetration testers
- Triages real vulnerability reports, assesses exploitability, scope, and risk, and determines appropriate remediation paths
- Analyzes platform-level vulnerabilities across web, API, and server-side attack surfaces such as SSRF, IDOR, SQL injection, XSS, and privilege escalation
- Communicates security assessments clearly to both technical teams and executive stakeholders
- Collaborates with engineering teams to file defects, validate patches, and ensure completion of fixes
Requirements:
- 3+ years in application security — pentesting, bug bounty, or product security engineering
- Strong working knowledge of OWASP Top 10 and beyond: prototype pollution, server-side injection, SSRF, IDOR, GraphQL attack surface
- Ability to read and trace code across JavaScript and Java codebases
- Experience writing technical security reports for both engineering and executive audiences
- CVSS scoring fluency — not just the number, but the reasoning