Security for Cloud-Native Application Development

Senior Security Researcher

Security EngineerSecurity EngineerFull TimeRemoteTeam 501-1,000Since 2006H1B SponsorCompany Site LinkedIn

Location

Massachusetts

Posted

30 days ago

Salary

Not specified

2 yrs expEnglish.net

Job Description

• Conduct research to identify potential weaknesses and security vulnerabilities in C / C++ and C# / .NET applications as well as others as the need arises. • Describe vulnerabilities and potential exploits, and produce proofs of concept and representative examples to aid engineering teams in building product capabilities • Engage in binary and source static analysis/reverse-engineering of applications • Conduct research to improve automation, accuracy, and efficiency of detection techniques and related systems, using both our own proprietary software as well as open-source tools. • Contribute expertise to Veracode’s customer- and public-facing documentation to ensure information is current, accurate, and actionable • Mentor and provide technical guidance to developers and researchers • Actively participate in the software security community by attending and presenting at industry conferences, conducting and publishing original research, contributing articles to the Veracode blog and/or trade blogs and magazines, etc.

Job Requirements

2+ years of practical reverse-engineering or binary static-analysis experience, including familiarity with Abstract Syntax Trees (AST), reflection, or other code transformation approaches; compilers and associated tooling; and decompilers, disassemblers, and/or debuggers used in binary analysis
1+ years of practical application security experience, such as source code auditing, penetration testing, product assessment, vulnerability research
The ability to enter a “breaker” mentality – Veracode is defensively-oriented, but our research requires an offensive mindset, including the ability to assess the attack surface of a piece of software.
Prototyping ability – must be comfortable producing “quick and dirty hacks” to demonstrate a concept or solve a one-off problem
Strong professional skills:
Attention to detail as part of a commitment to quality
Analytical and organizational capability for advocating, planning, and executing projects independently
Ability to understand technical and security issues from a customer points of view
Strong written and verbal communication ability in English, especially technical writing for a developer audience.

Benefits

Outstanding Medical, Dental, and Vision Coverage to meet all your healthcare needs.
Wellness benefits to help you focus on what’s most important.
“Take What You Need” time off policy.
Extensive development and training offerings to help you grow your career at Veracode.
Generous 401k match to help save for your future.
Amazing community of professionals who take pride in what we do every day.