Senior Threat Researcher - Ghost Security

About the Role

We are looking for Senior Threat Researcher to help us research and discover modern threats to web applications and APIs. As a Senior Threat Researcher at Ghost, your work will lead to improved threat detection and defense capabilities for Ghost customers. You'll be working closely with our platform engineers to implement powerful capabilities that protect Ghost customers from modern threat actors. If you have a solid background in web application pen testing, threat research, or web based exploit development, and are ready take on a senior level threat research role, we want to meet you.

Ghost is growing fast and the research team is no exception. The role is fully engaged - you will be writing code, testing exploit scenarios, validating detection and defensive measures, and guiding/mentoring other members of the research team. You'll need to be comfortable collaborating closely with other members of the research team, engineers, and product managers to deliver an exceptional security platform for our customers.

About You

• Experienced at rapidly prototyping web app, API, and distributed system exploits proof-of-concepts in code (Python or Go preferred)
• Experienced at self-directed, precisely scoped threat research
• Driven to explore unconventional attack vectors in modern apps & APIs and share findings via industry publications
• Capable of mentoring and providing support and guidance for other team members
• Comfortable working in an asynchronous, distributed team environment with team members in different time zones
• Have demonstrable work product hosted online (e.g. code repos, projects, reports, articles, or documentation)
• Have excellent verbal and written communication skills (English)
• Bonus if you have experience participating in commercial bug bounty programs
• Bonus if you have experience creating or participating in capture-the-flag style simulation environments