Security Researcher - Offensive Security
Securing the World’s Business-Critical Applications
Onapsis is rapidly expanding, achieving record growth year after year. We are seeking passionate contributors who thrive in an open and collaborative environment.
Onapsis protects the applications that run the global economy. Only Onapsis delivers a next-generation platform for protecting mission-critical applications by providing the actionable insight, change assurance, automated governance and continuous monitoring capabilities required by cross-functional teams to discover risk, optimize workflows, control change and automate reporting. Onapsis’s holistic approach empowers enterprise organizations to embrace and accelerate SAP and Oracle E-Business Suite modernization, cloud and mobility initiatives, while keeping their ERP, CRM, PLM, HCM, SCM, BI and cloud-based mission-critical applications protected and compliant.
Headquartered in Boston, MA, and with regional offices in Heidelberg, Germany and Buenos Aires, Argentina, Onapsis proudly serves more than 300 of the world’s leading brands and organizations, including many of the Global 2000.
We are looking for young, passionate and creative security enthusiasts who are eager to improve their skills in the Information Security field. They will learn from and work side-by-side with a team of experienced security researchers who have been invited to lecture at the most important security conferences of the world.
Key activities and responsibilities:
Research on security vulnerabilities in ERP systems and business-critical applications.
Perform consulting Ethical Hacking services over ERP systems and business-critical applications.
Develop exploits and attack detection rules for Onapsis Security Platform.
Write papers, blog post and new materials to be published in Onapsis website.
Required skills and aptitudes:
Strong desire to learn.
Basic knowledge of TCP/IP communication protocols.
Basic knowledge Operating System fundamentals.
Basic knowledge of Networking and Packet Analysis (wireshark, tcpdump, etc.).
Knowledge in Ethical Hacking, exploiting, pentesting.
Intermediate English skills (written)
Desired skills and aptitudes:
Knowledge of development languages: Python/C/C++/Java/Assembler.
Practical experience in security software development.
Knowledge in reverse engineering (in binary form and/or Java)
Practical experience on creating Snort Signatures.
Advanced knowledge of Regular Expressions (regex).
Experience reading ABAP code is a plus but definitely not a must.
Availability for traveling (eventually, mainly to US and Europe).
Advanced English oral skills.
Onapsis is the pioneer in cybersecurity and compliance solutions for cloud and on-premise business-critical applications. As the proven market leader, global enterprises trust Onapsis to protect the essential information and processes that run their businesses. Headquartered in Boston, MA, Onapsis serves over 200 customers including many of the Global 2000. Onapsis’ solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, Deloitte, E&Y, IBM, KPMG and PwC. Onapsis solutions include the Onapsis Security Platform for SAP, which is currently the most widely-used SAP-certified cybersecurity solution in the market, and the Onapsis Security Platform for EBS. Unlike generic security products, Onapsis' context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs. These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle E-Business Suite and JD Edwards platforms. Onapsis has been issued U.S. Patent No. 9,009,837 U.S. Patent No. 9,009,837 entitled “Automated Security Assessment of Business-Critical Systems and Applications,” which describes certain algorithms and capabilities behind the technology powering the Onapsis Security Platform™ and Onapsis X1™ software platforms. This patented technology is recognized industry wide and has gained Onapsis the recognition as a 2015 SINET 16 Innovator and Red Herring North America 2017 winner. For more information, please visit www.onapsis.com , or connect with us on Twitter, Google+, or LinkedIn.
Want to learn more about Onapsis? Visit Onapsis's website.
Reddit is an American social news aggregation, web content rating, and discussion website.