Date posted: 2022-02-08

Lead Security Researcher - Client-side Web Security

  • Remote - North America
  • Job Description

    Feroot Security believes customers should be able to do business with any company online securely, without risk or compromise. Our mission is to secure client-side web applications so that our customers can deliver a flawless digital user experience to their customers.

    Businesses come to Feroot to enable proactive client-side security programs. Our data protection capabilities take the pain and ambiguity out of client-side security threat analysis, detection, response, and prevention. Our products help organizations uncover supply chain risks and protect their client-side attack surface.

    Feroot is a brand new cybersecurity startup and is a 100% remote organization. We strive to hire the best talent across North America to collaboratively build our business.


    About the Role 

    Reporting to the Chief Technology Officer, the Lead Cyber Security Researcher will establish Feroot Security’s Threat Research Team. As the Lead Researcher, you are focused on uncovering, evaluating, and analyzing client-side (JavaScript) cyber threats and attacks. You will produce meaningful reports for internal and external audiences. External audiences will use the reports, and the security recommendations within them, to better protect their web applications from targeted attacks. Internal audiences will use the reports to enhance the functionality and efficacy of the Feroot Security Inspector and PageGuard product offerings.

    The Lead Cyber Security Researcher will identify emerging client-side threats, enumerate and track threat actors using client-side attack methods. You will also track JavaScript vulnerabilities, exploits, malicious third-party scripts and code weaknesses. You will work closely with cross-functional teams such as product management, product development, product marketing, and sales engineering to advance business objectives, enhance product capabilities, and enhance the cybersecurity industry as a whole.


    About you

    You have passion for research and for cyber threat analysis. You love reading about cybersecurity industry trends. Finding new cyberthreats and IoCs excites you and drives your curiosity. Your curiosity leads you to uncover new threats and solutions to keep them at bay. You love cybersecurity challenges and love to face them head-on.


    Responsibilities Include:

    • Analyze malware and threat data from internal and external sources, both self-directed and in response to questions from customers, and activity on the changing landscape
    • Influencing company decisions
    • Help define budget and technology/tools you will be working with.
    • Prioritizing and refining research agenda
    • Become a client-side threat intelligence expert by developing deep expertise in the web application attack surface
    • Create and present customer-facing and internal research reports and other deliverables on client-side threats and vulnerabilities
    • Discover new client-side threats and vulnerabilities, and develop threat detection methodologies for those threats
    • Provide threat detection findings to internal teams as they create and deploy detections in our products
    • Leverage Feroot’s client-side security products to develop a client-side threat database and produce data and reports that protect our customers
    • Work with the product management engineering, and sales engineering teams to outline new features for Feroot Security solutions



    • Professional experience in vulnerability research, application vulnerability, and TI reporting analysis, with an emphasis on cybersecurity research
    • You want to be finding and solving exciting problems and impact millions of people
    • Exceptional analytical analysis capabilities
    • Superior written and verbal communications skills
    • Soft skills to support relationship management
    • Bachelor’s degree or equivalent experience
    • Some experience assessing/managing/building web applications
    • Expertise with threats to client-side web applications
    • Experience with front end and back end web applications built in Javascript and frameworks like ExpressJS, VueJS, Angular, ReactJS
    • Experience finding web application vulnerabilities, security issues, and/or participation in bug bounty programs
    • Self-motivated with the ability to work on projects with minimal oversight

    To apply for this job email your details to

    To apply for the position please send your resume to Please make sure to put the job title in the subject of your email and provide a brief overview of why you are a fit for the position you are applying for.