SDE I (Vulnerability Detection)

About us: Astra is a cyber security SaaS company that makes otherwise chaotic pentests a breeze with its one-of-a-kind Pentest Platform Astra's continuous vulnerability scanner emulates hacker behavior to scan applications for 8300+ security tests CTOs & CISOs love Astra because it helps them fix vulnerabilities in record time and move from DevOps to DevSecOps with Astra's CI/CD integrations, Astra is loved by 650+ companies across the globe In 2024 Astra uncovered 2 5 million+ vulnerabilities for its customers, saving customers $110M+ in potential losses due to security vulnerabilities, We've been awarded by the President of France Mr Fran?ois Hollande at the La French Tech program and Prime Minister of India Shri Narendra Modi at the Global Conference on Cyber Security Loom, MamaEarth, Muthoot Finance, Canara Robeco, ScripBox etc are a few of Astras customers, Role Overview Are you a motivated and technically curious Software Development Engineer (Python/JavaScript) with a growing interest in cybersecurityDo you enjoy building robust and scalable systems and are you intrigued by the challenge of automating pentesting Your primary focus will be on identifying new attack techniques and developing high-fidelity detection rules to enhance our offensive security engine and Attack AI You will work closely with security researchers, engineers, and product teams to ensure our platform remains ahead of evolving threats, If you're passionate about offensive security, love breaking things to make them more secure, and want to shape the future of automated vulnerability detection, wed love to have you on board, Roles & Responsibilities: Work within our dynamic Attack AI team to design, develop, and maintain software components for vulnerability detection in web applications, cloud environments, and APIs, Collaborate with security researchers to understand their findings and translate them into robust and efficient detection logic and automated processes, Develop and maintain Python and/or JavaScript-based detection logic, leveraging your strong programming skills to automate security analysis and exploit identification, Design and implement APIs and automation frameworks that facilitate the integration of new detection modules and enhance the scalability of our security engine, Work in an agile development environment, actively contributing to the architecture, design, and implementation of Astra's scanning engine, Research, design, develop, and troubleshoot?you will be instrumental in building and owning the core components you work on, Write secure, modular, testable, and well-documented code to maintain high-quality engineering standards across our detection engine, Adhere to strict code review and security best practices, ensuring high-quality and maintainable code within the security context, Ensure timely delivery of features and components, maintaining transparency with technical managers regarding development progress, Basic Qualifications Strong analytical mindset with a passion for security research and offensive security, ~1 year experience involving security & development experience in JavaScript (preferred) or Python, A foundational understanding of security principles and a strong desire to learn how they apply to Web, API, and Cloud environments, Excellent problem-solving and debugging skills with a keen eye for detail in developing reliable software solutions, Strong communication and collaboration skills, with the ability to work effectively in a remote team environment and interact with both engineering and research team members, A strong eagerness to learn and apply new technologies and development methodologies, particularly within the context of security engineering using Python and JavaScript, Familiarity with Git for version control and collaboration is essential, Good to have Experience using security tools such as Burp Suite, OWASP ZAP, or similar vulnerability assessment tools, Understanding of HTTP request lifecycle, HTTP methods, REST APIs etc Experience with bash scripting Prior experience working in a remote role, with strong self-management and collaboration skills, We Offer: Adrenaline rush of being a part of a fast-growing company and working on hard problems that matter, Fully remote, agile working environment, Good engineering culture with full ownership in design, development, and release lifecycle, A wholesome opportunity where you get to build things from scratch, improve, and ship code to production in hours, not weeks, Holistic understanding of the SaaS and security industry, Annual trips to beaches or mountains (last one was to Wayanad!), Open and supportive culture, Health insurance & other benefits for you and your spouse (maternity benefits included),