Application Security Researcher

We are seeking a highly motivated and technically proficient Senior Penetration Tester to join our security research division. This role is dedicated to performing advanced offensive security assessments against the biggest companies in the world

You need to be independent, attentive to details, organized, eager to learn new things, and like to research and solve problems

What you’ll do:

• Lead and execute comprehensive, technically rigorous penetration tests targeting complex web applications, modern API architectures, and enterprise systems for organizations with significant global presence.
• Engage in sophisticated Red Team projects, including the identification of undisclosed API endpoints, development of novel bypass techniques for established security controls, and lateral movement within target environments.
• Contribute substantively to the design, development, and maintenance of proprietary internal security tools and automation frameworks to enhance the efficacy and efficiency of offensive operations.

Requirements:

• Minimum of 3 years of proven, hands-on experience in application security analysis, with a heavy emphasis on complex API penetration testing and a mastery of the OWASP Top 10 landscape.
• Proficiency in developing and automating tasks using at least one language like Python, JavaScript, or GoLang.
• Strong experience with static and dynamic analysis of Android and iOS applications, including hands-on experience with techniques like detours, hooking, and runtime code manipulation
• Deep, hands-on knowledge of the latest tactics, techniques, and procedures (TTPs) used in advanced penetration testing and network analysis.
• Ability to author comprehensive and technically rigorous reports detailing identified vulnerabilities and research outcomes.

Nice to have:

• OSCP, OSWE, eWPTXv2, CRTP, or other high-level offensive certifications.
• Hands-on experience with industry-standard reversing tools like JADX, Ghidra, or IDA Pro.
• Demonstrated online achievements, write-ups, or contributions on platforms such as HackTheBox, Pwn2Own, TryHackMe, Bug Bounty programs, or published security research.

Alice is a trust, safety, and security company built for the AI era. We safeguard the communicative technologies people use to create, collaborate, and interact—whether with each other or with machines.

In a world where AI has fundamentally changed the nature of risk, Alice provides end-to-end coverage across the entire AI lifecycle. We support frontier model labs, enterprises, and UGC platforms with a comprehensive suite of solutions: from model hardening evaluations and pre-deployment red-teaming to runtime guardrails and ongoing drift detection.