About cside:
cside is laser focussed on solving web security in AI age. Starting with client-side injections. Covering previously unmonitored attack surfaces in developer and user friendly ways.
The team of cside are a diverse mix of highly capable subject matter experts. We’re kind but we mean business.
Since January 2024, cside has raised $ 7.7 million in pre-seed & seed funding from Uncork Ventures, Mantis Ventures, Scribble Ventures, Roar VC, Dan Scheinman, Jason Warner, Kathy Korevec and many more. A team of handpicked, high value add investors invested in helping our company and team grow. Receiving recognition from global media outlets like Techcrunch, Wired, Fortune, Forbes and many more.
About the role:
We’re looking for a Security Researcher to keep an eye on emerging threats. Dig into their methods, scope improvements in our detection systems and collaborate with the engineering team internally.
You’re the face of the security detections team.
Discovering new attacks and sharing it with the world.
What you will do:
Keep an eye out on attacks around the world.
We have a lot of traffic data and keep an eye on a lot of websites. There is always a new attack method to be found.
We want you to find it, scope a detection method if a new one is necessary, use existing attributes where possible to detect the attack and ship it!
You are the one leading the detection strategy, detection & response.Review detections that come in. We have a lot of broader signals we do not expose publicly. Some may catch something we’ll want to narrow down on.
Lead our Security Research and content effort. When we find a malicious script that impacts over 1000 websites we ALWAYS blog about it immediately. This is to protect the internet and prevent bad actors from destabilizing critical infrastructure.
Build new detection methods and rules for new attacks. A deep understanding of JavaScript would help here as client-side attacks often revolve around JS.
However, a large range of our detection systems use Rust.Proactively define detections for client-side behaviours that can be malicious and review this against our script data.
Use and build internal tools to detect never seen before attacks.
About you:
You love a cat and mouse game!
The fact that you are in a key position to stop bad actors from impacting unknowing individuals motivates you.
You have a deep understanding of JavaScript, browsers and ideally also some background in Rust and Yara rules.
Finding the gap between the specification of client-side JS and how JS engines are built is a hobby project for you.
You’ve participated in capture the flag events or regularly spend time doing whitehat hacking or bug bounties.
You’re self managing and want to disrupt the client-side (and web) security market.
You have at least 3-5 years prior work experience.
At cside:
We’re constantly learning and developing better, we grow together.
We do not ship half projects, we do not sell snake oil, we don’t cut corners - out of respect for our team, our customers and our community. We put a dent in the universe by building good products.
We believe in strong opinions loosely held. We’re passionate and we strive to build the best thing together. The impact of our work is all that matters.
Cside offers:
2-3 Offsites per year (this changes from time to time)
Generous work from home allowance
Latest Macbook
Stock options
Market rate salary
Take what you need PTO
Fully remote
Our team is invested in your long term career development. If you want to talk at events, we’ll make that happen, if you want to learn how to build your own startup one day, we’ll offer you a front line seat. Cside is built by folks like you.
We’re building a world class security company, and we simply want the best people for the job.
We do not select or discriminate based on formal educational background, age, skin tone, religion, national origin, sexual orientation, gender identity, disability status, marital status, veteran status… we’re welcoming all and celebrate equal opportunities.
