The world’s most critical--and at risk--business applications have been neglected for far too long. Onapsis eliminates this blind spot by providing cybersecurity solutions dedicated to business-critical applications. Whether running on premises, in the cloud, or in a hybrid environment, Onapsis helps nearly 30% of the Forbes Global 100 understand the threats and risks across their SAP and Oracle landscapes.
We are looking for a self-motivated, passionate and creative Security Researcher to join our Offensive Security team. While the team is distributed in South America, Europe and the USA, this role is open for remote work for the right candidate based in Romania. In this role, you will contribute to the assessment and discovery of 0-day research and vulnerabilities in ERP Security while building subject matter expertise to identify, evaluate, and extract new research methodologies and vulnerability discoveries that protect ERP customers all over the world.
You are the ideal candidate if you are excited about pure offensive security research and have a knack for breaking software applications. You have some experience under your belt and have at least tinkered with security research—perhaps you have a home lab or have previously discovered software vulnerabilities. You are an adventurous critical thinker and are eager to broaden your skill set while making an impact on a global scale of commerce.
What you will be doing, your legacy:
You will be part of the Onapsis Research Labs, this team is the tip of the spear at Onapsis. You will be engaged in our team strategy of thought leadership, developing the market and professional services all to protect our customers and the security of ERP worldwide. Work collaboratively with our team of offensive security researchers and present your achievements at acclaimed security research conferences. Be part of a team that has discovered over 1,000 zero-day vulnerabilities in business critical applications, contributed to 6 US DHS critical alerts, submitted 17 patents (8 issued and 9 pending) and generated knowledge base content of over 10,000 vulnerabilities and attacks on business critical applications.
Key activities and responsibilities:
- Research security vulnerabilities in ERP systems and business-critical applications.
- Perform consulting Ethical Hacking services on ERP systems and business-critical applications.
- Write papers, advisories, blog posts and new materials to be published on Onapsis website and other venues.
- Assist in international conferences to present the outcome of Onapsis´ research
- Hold training classes on how to assess and defend ERP Applications.
Required skills and aptitudes:
- Student or college graduate in the field of computer science or engineering.
- Fundamental understanding of network protocols and packet analysis (TCP/IP stack, HTTP/S, .pcap files)
- Experience coding/scripting in one or more general purpose languages including but not limited to Python.
- An understanding of the Linux operating system.
- Problem solving capabilities.
- Advanced English skills.
- Knowledge in penetration testing and web services security vulnerabilities including cross-site scripting, cross-site request forgery, Injections (Command, SQL, etc), DoS attacks,, API attacks and more.
- Knowledge of the OWASP Top 10 and CWE Top 25.
Desired skills and aptitudes:
- Experience reading ABAP code is a plus but definitely not a must.
- Experience in Fuzzing.
- Understanding of HTTP Schema.
- Code Auditing.
- Self-motivated and results-oriented.
- Excellent interpersonal and communication skills.
- Experience mentoring junior researchers to improve their skills, and make them more effective, offensive security researchers and pen testers
- Availability for traveling (eventually, mainly to the US and within Europe).
- Reversing Binaries
What success looks like:
After six months, you will…
- Actively participate and collaborate in research projects that may end up in new ERP security vulnerabilities discoveries
- Support research and write at least one publication
- Understand our sources, pipelines, tools, and techniques
After about a year, you will…
- Conduct offensive security penetration tests in ERP Security
- Collaborate with others to execute research agendas
- Use our sources to develop new methods in research and pipeline prioritization
What we offer:
- A role in shaping the future of protecting the most critical applications that run the world’s business and a career that grows as the company grows.
- A unique culture of high achievement and teamwork.
- Supportive and humble colleagues are the space’s top problem solvers and innovators.
- Financial security through competitive compensation and incentives.
- Career growth and personal development.