[Hiring] Senior Vulnerability Researcher @Truelogic

Role Description

We are looking for a highly skilled Vulnerability Researcher to identify real-world security vulnerabilities across modern web applications and translate those findings into scalable, automated testing logic. This role combines hands-on offensive security expertise with an automation-focused mindset. You’ll work on replicating sophisticated attack scenarios at scale, helping evolve the platform’s automated red team capabilities. You’ll collaborate closely with engineering and product teams to improve detection logic, expand testing coverage, and continuously enhance the platform’s offensive security engine.

Responsibilities

• Perform security research on web applications, APIs, and complex application workflows.
• Identify, validate, and reproduce real-world vulnerabilities in modern applications.
• Analyze authentication, authorization, session management, and access control mechanisms.
• Translate manual penetration testing techniques into automated detection and exploitation logic.
• Develop and refine payloads, exploit strategies, and vulnerability validation methods.
• Analyze HTTP traffic, browser behavior, and application flows to uncover security weaknesses.
• Collaborate with engineering teams to improve the platform’s automation and offensive security capabilities.
• Document findings clearly, including technical details, impact analysis, and reproduction steps.

Qualifications

• 5+ years of hands-on experience in vulnerability research, penetration testing, bug bounty programs, or offensive security.
• Strong expertise in web application and API security.
• Deep understanding of Authentication and authorization flows; JWT, OAuth, SSO, sessions, and cookies; Access control vulnerabilities and privilege escalation.
• Proven experience identifying vulnerabilities (IDOR / BOLA, Business logic flaws, Authentication bypasses, Privilege escalation vulnerabilities).
• Experience using offensive security tools (Burp Suite, Postman, curl, Browser DevTools).
• Ability to analyze and manipulate HTTP requests/responses and application behavior.
• Scripting experience with Python or JavaScript.
• Experience converting manual pentesting workflows into automated testing logic.
• Strong communication and documentation skills.
• Conversational English proficiency.
• Must be located in Latin America.

Nice to have

• Strong Python development skills.
• Experience with browser automation (Playwright, Selenium, Puppeteer).
• Experience with GraphQL, gRPC, WebSockets, and mobile APIs.
• Exposure to cloud security environments.
• Familiarity with AI-driven security or automated exploitation workflows.
• Familiarity with tools such as Nuclei or custom vulnerability scanners.

Benefits

• 100% Remote Work: Enjoy the freedom to work from the location that helps you thrive. All it takes is a laptop and a reliable internet connection.
• Highly Competitive USD Pay: Earn an excellent, market-leading compensation in USD, that goes beyond typical market offerings.
• Paid Time Off: We value your well-being. Our paid time off policies ensure you have the chance to unwind and recharge when needed.
• Work with Autonomy: Enjoy the freedom to manage your time as long as the work gets done. Focus on results, not the clock.
• Work with Top American Companies: Grow your expertise working on innovative, high-impact projects with Industry-Leading U.S. Companies.

Why You’ll Like Working Here

• A Culture That Values You: We prioritize well-being and work-life balance, offering engagement activities and fostering dynamic teams to ensure you thrive both personally and professionally.
• Diverse, Global Network: Connect with over 600 professionals in 25+ countries, expand your network, and collaborate with a multicultural team from Latin America.
• Team Up with Skilled Professionals: Join forces with senior talent. All of our team members are seasoned experts, ensuring you're working with the best in your field.