The Application Security Researcher will conduct penetration testing, manage the bug bounty program, and enhance platform security through collaboration with R&D teams.
Description
monday.com is looking for an application security researcher to research our platform for vulnerabilities, manage our bug bounty program, and work with R&D to enhance the security of our platform. The Application Security Team is based in our headquarters, Tel Aviv, Israel - you’ll be the first to join the team from London.
monday.com works hybrid with 3 days in the London office.
About The Role
- Perform black, gray, and white box penetration testing on monday.com’s platform - both frontend and backend.
- Manage the bug bounty program, including hacker engagement and communication with the hacker community.
- End-to-end work on reported vulnerabilities as part of the bug bounty program.
- Provide guidance on security best practices to developers.
- Embed/improve security threat modeling and secure coding in the development lifecycle.
- Develop security abuse cases for testing as part of the software development lifecycle.
- Perform and oversee security testing and manage remediation of identified vulnerabilities.
- Monitor and proactively report on current threats and vulnerabilities to application security.
- Initiate and automate processes for detecting and monitoring platform security.
Requirements
- Scripting capabilities and automation mindset.
- At least 2 years of experience in web penetration testing, both black box and white box.
- In-depth knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.
- Experience working with the hacker/pen-testing community.
- Team player able to build relationships across the organization, also remotely.
- Understanding of secure web application development.
- Comprehensive knowledge of IT and information security subject matter.
- Exposure to methods of promoting security awareness.
- Strong communication (verbal/written) and influencing skills, with an ability to manage internal and external relationships.
- Anticipates problems and identifies long-term implications of decisions and actions.
- Ability to work and learn alone.
- Able to prioritize workload and drive work to set deadlines.
Top Skills
Automation
OWASP Framework
Web Penetration Testing