ABOUT TRUELOGIC
Truelogic is a leading provider of nearshore staff augmentation services headquartered in New York. For over two decades, we've been delivering top-tier technology solutions to companies of all sizes, from innovative startups to industry leaders, helping them achieve their digital transformation goals.
Our team of 600+ highly skilled tech professionals, based in Latin America, drives digital disruption by partnering with U.S. companies on their most impactful projects. Whether collaborating with Fortune 500 giants or scaling startups, we deliver results that make a difference.
By applying for this position, you're taking the first step in joining a dynamic team that values your expertise and aspirations. We aim to align your skills with opportunities that foster exceptional career growth and success while contributing to transformative projects that shape the future.
OUR CLIENT
A hypergrowth cybersecurity startup focused on building advanced Agentic Red Team capabilities. Their platform automates offensive security techniques to help organizations continuously identify vulnerabilities, attack paths, and security gaps across modern environments.
Designed for mid-market and enterprise organizations, the platform enables security teams to proactively strengthen their defenses through scalable, automated security testing and intelligent attack simulation.
JOB SUMMARY
We are looking for a highly skilled Vulnerability Researcher to identify real-world security vulnerabilities across modern web applications and translate those findings into scalable, automated testing logic.
This role combines hands-on offensive security expertise with an automation-focused mindset. You'll work on replicating sophisticated attack scenarios at scale, helping evolve the platform's automated red team capabilities.
You'll collaborate closely with engineering and product teams to improve detection logic, expand testing coverage, and continuously enhance the platform's offensive security engine.
RESPONSIBILITIES
- Perform security research on web applications, APIs, and complex application workflows.
- Identify, validate, and reproduce real-world vulnerabilities in modern applications.
- Analyze authentication, authorization, session management, and access control mechanisms.
- Translate manual penetration testing techniques into automated detection and exploitation logic.
- Develop and refine payloads, exploit strategies, and vulnerability validation methods.
- Analyze HTTP traffic, browser behavior, and application flows to uncover security weaknesses.
- Collaborate with engineering teams to improve the platform's automation and offensive security capabilities.
- Document findings clearly, including technical details, impact analysis, and reproduction steps.
QUALIFICATIONS AND JOB REQUIREMENTS
- 5+ years of hands-on experience in vulnerability research, penetration testing, bug bounty programs, or offensive security.
- Strong expertise in web application and API security.
- Deep understanding of authentication and authorization flows; JWT, OAuth, SSO, sessions, and cookies; and access control vulnerabilities and privilege escalation.
- Proven experience identifying vulnerabilities (IDOR / BOLA, business logic flaws, authentication bypasses, privilege escalation vulnerabilities).
- Experience using offensive security tools (Burp Suite, Postman, curl, Browser DevTools).
- Ability to analyze and manipulate HTTP requests/responses and application behavior.
- Scripting experience with Python or JavaScript.
- Experience converting manual pentesting workflows into automated testing logic.
- Strong communication and documentation skills.
- Conversational English proficiency.
- Must be located in Latin America.
NICE TO HAVE
- Strong Python development skills.
- Experience with browser automation (Playwright, Selenium, Puppeteer).
- Experience with GraphQL, gRPC, WebSockets, and mobile APIs.
- Exposure to cloud security environments.
- Familiarity with AI-driven security or automated exploitation workflows.
- Familiarity with tools such as Nuclei or custom vulnerability scanners.
WHAT WE OFFER
- 100% Remote Work: Enjoy the freedom to work from the location that helps you thrive. All it takes is a laptop and a reliable internet connection.
- Highly Competitive USD Pay: Earn excellent, market-leading compensation in USD that goes beyond typical market offerings.
- Paid Time Off: We value your well-being. Our paid time off policies ensure you have the chance to unwind and recharge when needed.
- Work with Autonomy: Enjoy the freedom to manage your time as long as the work gets done. Focus on results, not the clock.
- Work with Top American Companies: Grow your expertise working on innovative, high-impact projects with Industry-Leading U.S. Companies.
WHY YOU'LL LIKE WORKING HERE
- A Culture That Values You: We prioritize well-being and work-life balance, offering engagement activities and fostering dynamic teams to ensure you thrive both personally and professionally.
- Diverse, Global Network: Connect with over 600 professionals in 25+ countries, expand your network, and collaborate with a multicultural team from Latin America.
- Team Up with Skilled Professionals: Join forces with senior talent. All of our team members are seasoned experts, ensuring you're working with the best in your field.
Apply now!