Application Security Engineer
Parallels Inc · United States · $120K–$130K/yr
Software Development · 201-500 employees
About the role
The role involves discovering vulnerabilities, constructing exploits, and designing fixes for core applications. You will also coordinate CVE disclosures and provide threat models and design reviews across the company.
What they look for
Requirements
Candidates should have experience in C++, Python, and memory/web exploitation techniques. A degree in computer science and certifications like OSCP, OSWE, or OSED are highly desired.
Full description
Application Security Engineer
Parallels is seeking a highly motivated and talented Application Security Engineer to join our team. In this role, you will make security decisions that impact millions of our customers while gaining hands-on experience in exploit development and CVE discovery. The ideal candidate will combine an attacker mindset with the humility and detail-oriented attitude required to coordinate fixes and security architecting with busy engineers.
Your primary responsibility will be to coordinate with more senior members of our team to write exploits and design fixes for existing application vulnerabilities. You will also help search for new critical/high risk vulnerabilities in our codebase. In addition, you will assist in vulnerability disclosure processes and help implement repeatable secure development practices.
As issues are uncovered, you will communicate with the appropriate technical and leadership teams to ensure a focus on risk mitigation – allowing for business continuity, but without negligent risk. Application security engineers are constantly assessing applications for weaknesses and finding resolutions before they can be abused.
Parallels: anytime, anywhere, any-device productivity.
Why Parallels, why now?
The top creative and technical minds could sell anywhere. So why are so many choosing Parallels? Three reasons:
This is the moment. It's an exciting time at Parallels — strong leadership, a refreshed brand, and a whole new approach to how the world works. The EUC market is shifting fast, and we're at the front of that wave. We want you riding it with us.
We want you to be you. Too many companies tell you about their culture and then expect you to fit it. Ours is built from the people who work here. We want you to feel safe being who you are, taking risks, and showing us what you've got.
It's your world. We know you have a life. We want to be part of it — not all of it. At Parallels, we're serious about empowering people to work when, how, and where they want. Couch? Sweatpants? Cool with us. Happy sellers mean happy customers. That's why we hire amazing people and get out of their way.
Sound good so far? Awesome. Let's talk about the role
What you'll do:
- Reproduce and triage incoming vulnerabilities from security automation/bug bounty programs, then propose granular fixes to engineers
- Discover vulnerabilities and construct exploits for core Parallels applications such as Parallels Remote Application Server
- Assist in the CVE disclosure process
- Provide threat models and design reviews for teams throughout the company
- Assist in tuning existing static analysis, dynamic analysis, and dependency management tools
Desired Qualities:
- An attacker mindset: engineers will often want proof before fixes are implemented
- Eagerness to learn – you are not expected to know everything coming in, but you should continuously learn new techniques on the job
- The ability to communicate clearly, acknowledge mistakes, and disagree when necessary
- Demonstrable passion for offensive security
- Experience reading, writing and debugging C++ and Python code
- Basic experience with memory exploitation techniques
- Demonstrable experience with web exploitation techniques and tools (e.g. PortSwigger lab scoreboards)
- Excellent written and oral communication skills
Ideal Candidate Will Have:
- BSc/MS in computer science or a related field
- Previous CVEs in desktop applications
- Proficiency with reverse engineering tools
- Significant experience in memory exploitation techniques (e.g. gaining code execution from memory vulnerabilities in modern operating systems)
- Familiarity with cloud security best practices
- 3+ years of industry experience
- OSCP/OSWE/OSED/RET2 certification
What are you waiting for? Apply now. We can't wait to meet you.
(FYI, we're lucky to get a lot of interest and we appreciate every application — please note we'll only reach out if you've been selected for an interview.)
About Parallels
Parallels is a top VDI/EUC product helping businesses since 1999. Whether it's desktop or cloud, on-prem or hybrid, Parallels delivers speed, security, and affordability for the modern work environment.
It is our policy and practice to offer equal employment opportunities to all qualified applicants and employees without regard to race, color, age, religion, national origin, sex, political affiliation, sexual orientation, marital status, disability, veteran status, genetics, or any other protected characteristic.
Parallels is committed to an inclusive, barrier-free recruitment and selection process and work environment. If you are contacted for a job opportunity, please advise us of any accommodations required. Appropriate accommodation will be provided upon request as required by law.
#LI-Remote