Senior Vulnerability Researcher – Cybersecurity

Job not on LinkedIn

🕒 May 7

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Truelogic Software

WebsiteLinkedInAll Job Openings

501 - 1000 employees

Founded 2004

☁️ SaaS

🤝 B2B

🏢 Enterprise

SaaS • B2B • Enterprise

Truelogic Software is a nearshore software development company specializing in agile staff augmentation services. They focus on providing custom outsourced software development with a team of highly skilled engineers from Latin America. Truelogic Software partners with both startups and Fortune 500 companies, offering solutions that align with their clients' time zones and ensuring high-quality outcomes through collaboration and responsiveness. With a presence in over 25 countries, Truelogic emphasizes remote work for better quality of life, and their engineers are experienced in various industries, delivering a wide range of successful projects globally.

📋 Description

• Perform security research on web applications, APIs, and complex application workflows. • Identify, validate, and reproduce real-world vulnerabilities in modern applications. • Analyze authentication, authorization, session management, and access control mechanisms. • Translate manual penetration testing techniques into automated detection and exploitation logic. • Develop and refine payloads, exploit strategies, and vulnerability validation methods. • Analyze HTTP traffic, browser behavior, and application flows to uncover security weaknesses. • Collaborate with engineering teams to improve the platform’s automation and offensive security capabilities. • Document findings clearly, including technical details, impact analysis, and reproduction steps.

🎯 Requirements

• 5+ years of hands-on experience in vulnerability research, penetration testing, bug bounty programs, or offensive security. • Strong expertise in web application and API security. • Deep understanding of Authentication and authorization flows; JWT, OAuth, SSO, sessions, and cookies; Access control vulnerabilities and privilege escalation. • Proven experience identifying vulnerabilities (IDOR / BOLA, Business logic flaws, Authentication bypasses, Privilege escalation vulnerabilities). • Experience using offensive security tools (Burp Suite, Postman, curl, Browser DevTools). • Ability to analyze and manipulate HTTP requests/responses and application behavior. • Scripting experience with Python or JavaScript. • Experience converting manual pentesting workflows into automated testing logic. • Strong communication and documentation skills. • Conversational English proficiency. • Must be located in Latin America. • Nice to have • Strong Python development skills. • Experience with browser automation (Playwright, Selenium, Puppeteer). • Experience with GraphQL, gRPC, WebSockets, and mobile APIs. • Exposure to cloud security environments. • Familiarity with AI-driven security or automated exploitation workflows. • Familiarity with tools such as Nuclei or custom vulnerability scanners.

🏖️ Benefits

• 100% Remote Work: Enjoy the freedom to work from the location that helps you thrive. All it takes is a laptop and a reliable internet connection. • Highly Competitive USD Pay: Earn an excellent, market-leading compensation in USD, that goes beyond typical market offerings. • Paid Time Off: We value your well-being. Our paid time off policies ensure you have the chance to unwind and recharge when needed. • Work with Autonomy: Enjoy the freedom to manage your time as long as the work gets done. Focus on results, not the clock. • Work with Top American Companies: Grow your expertise working on innovative, high-impact projects with Industry-Leading U.S. Companies.