Application Security Product Analyst at Wiz, Inc.

<div class="content-intro"><p class="x_MsoNormal FluidPluginCopy"><span class="ContentPasted0">Come join the company that is reinventing cloud security and empowering businesses to thrive in the cloud. As the <a href="https://www.wiz.io/blog/100m-arr-in-18-months-wiz-becomes-the-fastest-growing-software-company-ever" target="_blank">fastest-growing startup ever,</a> </span><span class="ContentPasted0">Wiz is on a mission to help organizations secure cloud environments that will accelerate their businesses. Trusted by security teams all over the world, we have a proven<span class="ContentPasted0">&nbsp;</span><a class="ContentPasted0" href="https://www.g2.com/products/wiz-wiz/reviews" target="_blank" data-auth="NotApplicable" data-safelink="true" data-linkindex="1">track record of success</a><span class="ContentPasted0">&nbsp;</span>and a culture that values world-class talent.&nbsp;&nbsp;</span></p> <p class="x_MsoNormal FluidPluginCopy"><span class="ContentPasted0">Our Wizards from over 20 countries work together to protect the infrastructure of our hundreds of customers, including over 50% of the Fortune 100, who trust us to scan and secure over 230 billion files daily. We’re the leading player in a massive and growing market, but it’s still early enough for you to make a significant impact. At Wiz, you’ll have the freedom to think creatively, dream big, and use your full range of skills to contribute to our record growth. Come join our team and help us create secure cloud environments that allow the best companies to move faster.&nbsp;</span></p></div><div><strong>SUMMARY</strong><br><br>We’re looking for a <strong>Application Security Product Analyst</strong> to join our Product team and help expand the power of Wiz.<br>In this pivotal role, you will be the primary operator of our cutting-edge AI-driven Dynamic Application Security Testing (DAST) agent while simultaneously innovating detection mechanisms for cloud-native technologies.<br><br>You will bridge the gap between automated AI testing and cloud infrastructure, defining the "rules of engagement" for our agents to ensure they effectively simulate sophisticated attacks and accurately classify the modern attack surface.<br><br><strong>WHAT YOU’LL DO</strong></div> <ul> <li><strong>Engineer Detection &amp; Attack Logic:</strong> Develop advanced detection algorithms to classify cloud technologies while fine-tuning the attack policies that define how our agents identify and exploit vulnerabilities.</li> <li><strong>Validate Complex Findings:</strong> Analyze cloud services, APIs, and log payloads to review complex attack paths, reducing false positives and ensuring compliance with industry standards.</li> <li><strong>Research Novel Threats:</strong> Stay at the forefront of novel attack vectors and emerging cloud/API threats, translating new techniques into executable behaviors for the Wiz DAST engine.</li> <li><strong>Drive Product Evolution:</strong> Collaborate directly with Research, Backend, and R&amp;D teams to turn operational insights into feature requests, positioning Wiz as the market leader in vulnerability management.</li> </ul> <div><br><strong>WHAT YOU’LL BRING</strong></div> <ul> <li>1+ years of hands-on experience in AppSec or penetration testing, including proficiency with enterprise tools like Burp Suite, OWASP ZAP, or Acunetix.</li> <li>Solid knowledge of networking concepts, the OSI model, and cloud infrastructure (AWS, Azure, or GCP).</li> <li>Hands-on experience with Linux, Windows, Docker, Kubernetes, and a strong command of web protocols (HTTP/S, REST, GraphQL) and auth mechanisms (OAuth, SAML).</li> <li>Proficiency in scripting languages such as Python, Bash, or Go to automate security tasks and interact directly with the codebase.</li> <li>An analytical mindset with the ability to diagnose complex logs and scans to distinguish between tool failures, configuration issues, and valid security findings.</li> <li>Self-motivated with the ability to work collaboratively and communicate high-stakes security concepts effectively across teams.</li> </ul> <div><br><strong>BONUS POINTS</strong></div> <ul> <li>Knowledge of AI/ML and how LLMs or reinforcement learning agents operate within a cybersecurity context.</li> <li>SaaS and cloud experience with familiarity in AWS, Azure, or GCP environments and modern cloud-native architectures.</li> <li>A red teaming background with experience in simulated adversarial attacks and bypassing standard WAF or security controls.</li> </ul><div class="content-conclusion"><p><em><span class="TextRun SCXW149741735 BCX0" lang="EN-US" data-contrast="auto"><span class="NormalTextRun SCXW149741735 BCX0">Applicants must have the legal right to work in the country where the position is based,&nbsp;</span><span class="NormalTextRun SCXW149741735 BCX0">without the need for</span> <span class="NormalTextRun SCXW149741735 BCX0">visa </span><span class="NormalTextRun SCXW149741735 BCX0">sponsorship.</span> <span class="NormalTextRun SCXW149741735 BCX0">This</span><span class="NormalTextRun SCXW149741735 BCX0"> role does not offer</span> <span class="NormalTextRun SCXW149741735 BCX0">visa</span></span> <span class="TextRun SCXW149741735 BCX0" lang="EN-US" data-contrast="auto"><span class="NormalTextRun SCXW149741735 BCX0">sponsorship</span><span class="NormalTextRun SCXW149741735 BCX0">.</span></span></em></p> <p>Wiz is an equal opportunity employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.&nbsp;</p> <p>By submitting your application, you acknowledge that Wiz will process your personal data in accordance with <a href="https://www.wiz.io/legal/privacy" target="_blank">Wiz's Privacy Policy.</a></p></div>