Parallels is seeking a highly motivated and talented Application Security Engineer to join our team. In this role, you will make security decisions that impact millions of our customers while gaining hands-on experience in exploit development and CVE discovery.
Responsibilities:
- Reproduce and triage incoming vulnerabilities from security automation/bug bounty programs, then propose granular fixes to engineers
- Discover vulnerabilities and construct exploits for core Parallels applications such as Parallels Remote Application Server
- Assist in the CVE disclosure process
- Provide threat models and design reviews for teams throughout the company
- Assist in tuning existing static analysis, dynamic analysis, and dependency management tools
Requirements:
- An attacker mindset: engineers will often want proof before fixes are implemented
- Eagerness to learn – you are not expected to know everything coming in, but you should continuously learn new techniques on the job
- The ability to communicate clearly, acknowledge mistakes, and disagree when necessary
- Demonstrable passion for offensive security
- Experience reading, writing and debugging C++ and Python code
- Basic experience with memory exploitation techniques
- Demonstrable experience with web exploitation techniques and tools (e.g. PortSwigger lab scoreboards)
- Excellent written and oral communication skills
- BSc/MS in computer science or a related field
- Previous CVEs in desktop applications
- Proficiency with reverse engineering tools
- Significant experience in memory exploitation techniques (e.g. gaining code execution from memory vulnerabilities in modern operating systems)
- Familiarity with cloud security best practices
- 3+ years of industry experience
- OSCP/OSWE/OSED/RET2 certification