Wix's Security Guild is a group of highly motivated Security Engineers that form part of the Wix R&D group. We allow Wix Developers and users to achieve their goals without risk, often meaning we find or create unique solutions. Our work is exceptionally challenging due to Wix's scale, agility, and advanced technical diversity.
Wix's Application Security is a group of highly motivated Security Engineers that form a part of the huge R&D group at Wix. Our job is to allow Wix developers and users to achieve their goals without risk, which often means we have to find or invent completely unique solutions.
We play an essential role in every area of Wix: design, innovation, SDLC, architecture, infra, dedicated tool/solution development.
When it comes to technology, we have the ultimate playground, and although we work closely together, there's always space for independence, innovation and creativity for every team member.
Job Description
Research, identify, evaluate and implement the best solutions for security in Wix's production environment
Research, identify, evaluate and implement the best solutions for the platform code and services used by our developers
Work closely with development and system teams on all SDLC levels, performing security design reviews, threat modeling and penetration tests, while acting as a security mentor for developers
Investigate abnormal activity in production
Build creative tools and services to detect and solve cross-security issues
Requirements:
A Senior Application Security Researcher with 5+ years of hands-on experience in application security
Hands-on experience in security research with an offensive mindset
In-depth knowledge of web application vulnerabilities, their exploitation in the real world, and browser security mechanisms
A deep understanding of authentication and authorization protocols, and application security methodologies
Passionate about cutting-edge technologies
Excited by the idea of taking on lots of responsibility, you can work independently and be flexible
Open-minded self-learner who can see the big picture, analyze complex systems, identify potential failure points and find opportunities for big security wins
An advantage if you:
Published security research
Participated in bug bounty programs
Know Node/Java/Scala programming languages, or know your way around Docker containers and Kubernetes
Know your way around AWS and GCP environments, or cloud and microservice architectures
This position is intended for women and men alike.