Senior Security Content Researcher

About the job

The world’s most critical--and at-risk--business applications have been neglected for far too long. Onapsis eliminates this blind spot by providing cybersecurity solutions dedicated to business-critical applications. Whether running on-premises, in the cloud, or in a hybrid environment, Onapsis helps nearly 30% of the Forbes Global 100 understand the threats and risks across their SAP and Oracle landscapes. 

We seek a self-motivated and enthusiastic Security Content Researcher who wants to impact cybersecurity by continuing to advance, maintain, and enhance our platform features in Threat Detection and Response, Vulnerability Management, and Compliance Automation. The Senior Security Content Researcher will be a pivotal member of our cybersecurity team, responsible for identifying and mitigating security risks within our organization's enterprise-level software and applications. This role is designed for a seasoned professional with extensive experience in cybersecurity and a deep understanding of securing critical systems and data. 

What you will be doing, your legacy: 

Working with leadership, product management, and the Onapsis research team. ​You will be engaged in evaluating, scoping, proposing, and building security checks to fulfill business solution requirements to protect our customers. Working with a team of cybersecurity researchers will develop strong skills in both security and SAP. You'll develop and test a vast portfolio of security configurations using Python. As per your deeply developed knowledge in Business Critical Applications, cybersecurity, and vulnerabilities, you can handle support problem resolution, analyzing false positives and/or scan issues. Additionally, you will work with the Marketing team, collaborating with the Onapsis Blog and sharing our research results with the SAP security community.

Requirements:

• Extensive knowledge of cybersecurity principles, including confidentiality, integrity, and availability (CIA)
• Basic knowledge of SAP platforms (ABAP, JAVA and HANA)
• Familiarity with security assessment tools (e.g., Nmap, Wireshark, Burp Suite) and their usage.
• Familiarity with security risk management and threat modeling.
• +3 years of programming experience with Python
• Knowledge of network protocols, architecture, and security mechanisms.
• Understanding of common network vulnerabilities and attacks.
• Basic knowledge of intrusion detection/prevention systems (IDS/IPS) and firewalls.
• Basic understanding of web application security concepts (e.g., OWASP Top Ten).
• Awareness of common web vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).
• Strong leadership skills, including the ability to lead and mentor junior and mid-level security researchers.
• Proactive pursuit of the latest cybersecurity trends, emerging threats, and technologies.
• Enthusiasm for continuous professional development through training and certifications.
• Effective communication skills, both written and verbal.

Desired skills or interests in:

• Research on security challenges and potential solutions
• Experience reading ABAP code
• Practical experience in creating Snort Signatures.
• Knowledge of Regular Expressions (regex).
• Design creative solutions for cyber-security-related problems
• Advanced knowledge of data structures, algorithms, databases, and software design.
• The ability to conduct code reviews.
• Knowledge of professional software engineering practices & best practices for the full software development life cycle, including coding standards, code reviews, source control management, build processes, testing, and operations

What we offer: 

• A role in shaping the future of protecting the most critical applications that run the world's business and a career that grows as the company grows.
• A unique culture of high achievement and teamwork.
• Supportive and humble colleagues are the space's top problem solvers and innovators.
• Financial security through competitive compensation and incentives.

Location:

Onapsis established a new development center in Bucharest. This is a hybrid role, so candidates must be commutable to Bucharest.

 About Onapsis:

Onapsis protects the business applications that run the global economy. The Onapsis Platform delivers vulnerability management, change assurance, and continuous compliance for business applications from leading vendors such as SAP, Oracle, and others. The Onapsis Platform is powered by the Onapsis Research Labs, the team responsible for the discovery and mitigation of more than 1,000 zero-day vulnerabilities in business applications.

Onapsis is headquartered in Boston, MA, with offices in Heidelberg, Germany and Buenos Aires, Argentina, and proudly serves hundreds of the world’s leading brands, including close to 30% of the Forbes Global 100, six of the top 10 automotive companies, five of the top 10 chemical companies, four of the top 10 technology companies, and three of the top 10 oil and gas companies.

For more information, connect with Onapsis on LinkedIn or visit https://www.onapsis.com.

#LI-AC1

#LI-Hybrid