Senior Security Assessment Research Consultants - Include Security, LLC. North America or South America Bookmark Share Print 1386 3 23

Listing Description

Include Security is looking for experienced application Security Consultants. Experience in finding critical vulnerabilities during web app code reviews is a must, but we also end up doing a fair number of mobile apps, client apps, server apps, APIs, and embedded devices/IoT as well. We also do a bit of Reversing every now and then, so that experience helps for the occasion it arises.

We work on hundreds of projects a year, here's what we've got going on this month and next:

- This month, we're mostly hacking Java/Scala/C/C++/JS/Python

- Next month, an app with microservices written in 10 different programming languages, a windows userland sandbox, lots of mobile apps, and web services written in PHP/Java/Ruby

- The rest of the year could be anything, as it's never the same thing twice here!

Who you might be:

- You are an experienced application hacker

- Web hacking is second nature, but perhaps so are other types of hacks (Reversing, Mobile, Client/Server, Crypto, Kernels, etc.)

- You've already done consulting, enterprise assessment work, or are always at the top of the bug bounties for a number of years (sorry, we don't hire Junior consultants. It is our company policy.)

- You're looking for a no-nonsense environment where the process is optimized for getting out of your way and letting you find vulns.

- You're happy to share and collaborate with the rest of the team.

- You love the flexibility of a remote work environment. Our team is based in NYC, but we have consultants across seven countries in North America, EU, and South America.

- You are self-sufficient

- You don't need micromanagement

- You know that great hacks are only half the battle, great technical writing to describe your work is your strength as well

- You are undaunted by large and complex source trees and see the code as your friend

Who we are:

We're an all expert boutique consulting company that has served hundreds of clients since our founding in 2010. We do this with a relaxed remote working environment where we can expertly hack on big-name clients such as large websites, software companies, hardware companies, as well as tons of start-ups you've heard of. We do our best to put a different spin on the InfoSec/AppSec consulting game as we put our consultants and clients first and foremost! That means work on your own schedule, work from wherever you want (we've had people submit RCE findings while camping in the French Alps), and we only work with self-directed and responsible senior consultants who consistently show professional results (pay is based on that kind of experience.)

If any of this sounds interesting please contact us with a resume/CV. Feel free to include links to any of your work that might be public or a description of any private research you feel like sharing.

What we offer:

- Interesting Projects: 75% of our projects are web-related assessments; quite often massive scale platforms or cutting edge small tech projects. The remaining 25% are other types of assessments (mobile apps, network appliances, clients, servers, network pentests, kernel drivers, IoT, hardware, etc.)

- Pay/Benefits: We pay in the ballpark of the larger consulting shops and we offer 100% coverage from top tier health/dental plans and partial coverage of dependants.

- Telecommuting: Yes, almost exclusively. Travel is an option if you want it, but it's currently ~1% of our total work.

- No administrative stuff: We have full-time technical project managers (TPM), who take care of all the administrative stuff for you (organizing meetings, client updates, report QA organization/management, etc.).

- Working with an all-senior team: There is no need to teach a junior consultant that you might be paired with on how to actually do their job since we don’t work with junior consultants.

- Paid time off: On top of, an average of 11 the US Holidays, we offer four (4) weeks of paid time off.

- Research time: You will get a minimum of four (4) weeks of dedicated research time (actual time is employee-specific, but we do have a minimum).

- Flexible working hours: By default, we work during the EST business hours. But, if you want to start your day at 11:00 am (EST), usually isn’t a problem.

- Healthy work/life balance: If you’re working over 45hrs in a given week then there is something wrong, bring it up to management so we can work on fixing it.

- Location: We're looking for folks in -8 GMT through -1 GMT timezones (N. America or S. America only)

- Lots more: Sales bonuses, referral bonuses, company laptop, long term paid sabbatical, conference travel, 401(k) retirement savings plan.

Contact email:

careers includesecurity [dot] comFind awesome vulnerabilities in whatever our clients throw at us (web applications, mobile, client/server, crypto, kernels, hardware, etc.).