AppSec Research

Responsibilities

The primary responsibilities include testing CodeThreat's program analysis principles, discovering new vulnerabilities, identifying weaknesses, and creating related content. This includes generating proof-of-concept demonstrations for newly discovered vulnerabilities.

Collaboration and Workflow

The AppSec Research Squad collaborates closely with other squads, particularly the Product and Analyzer Development squads, to implement findings and enhance product security. Regular meetings and continuous learning ensure the team stays updated with the latest security trends and best practices.

Specific Expectations

  • Program Analysis and Vulnerability Discovery: Test CodeThreat's program analysis principles, discover new vulnerabilities, and identify weaknesses and gaps.

  • Content Creation: Produce detailed reports, insights, and proof-of-concept demonstrations for emerging threats and vulnerabilities.

  • Customer Support: Provide occasional support for application security questions from customers.

  • Collaboration with Analyzer Development Squad: Work directly with the Analyzer Development Squad to identify gaps in analysis tools, complete rule sets using ShiftQL or the CodeThreat Legacy On-Demand Scanner, and write new scanner benchmarks.

  • Open Source Scanning: Scan open-source tools with CodeThreat to discover new vulnerabilities, and provide feedback to the Product Squad based on the experience of using the product during these scans.

Collaboration and Culture

The AppSec Research Squad values collaboration, with regular meetings to integrate security findings into product development and tool enhancement processes. The culture emphasizes continuous learning and knowledge sharing within the squad and across the organization.