Senior Security Analyst
Oracle | Au-australia | Update time: October 25, 2021
Job Description

Who are we looking for?

We are seeking experienced, passionate, and talented security researchers who relish the challenge of assessing large, complex software products. As a member of our team you will be responsible for planning and delivering in-depth security assessments across a variety of products and services.

Your next project could be anything from static and dynamic analysis of a multi-node Java infrastructure, to writing a fuzzer for an undocumented network protocol or the grammar of a new programming language, to analysis and reverse engineering of firmware used in the thousands of servers supporting our cloud services. Creativity is highly valued; being able to find novel bugs and stitch them together to create something greater than the sum of their parts is essential in this role.

We're not only invested in finding bugs but also making sure they are fixed correctly and don't happen again. We don’t just need people who can find CVSS 10 bugs, we need people who can use their skills and share their expertise to effect meaningful change. Along the same lines, being able to describe the impact of those CVSS 10 bugs in terms your audience (both technical and non-technical) will understand is essential.

A successful candidate must have genuine excitement for and interest in security, as well as the desire to share knowledge and help others learn from the high technical and ethical standards you set. If this sounds like you, get in touch!

Role's core responsibilities

  • Scope and execute security assessments across a broad range of on-premise software, cloud services and infrastructure
  • Perform in-depth security assessments using static and dynamic analysis
  • Create testing tools to help engineering teams identify weaknesses in their own code
  • Collaborate with engineering teams to help them triage and fix security issues

Minimum Qualifications

  • Bachelor’s or Master’s degree in Computer Science or related field (e.g. Electrical Engineering)
  • 10+ years industry experience with 5+ years in IT security in one or more of the following areas: software/product security assessments, penetration testing, red teaming, web application assessments

Preferred Qualifications

  • Experience working in a large cloud or Internet software company
  • Proficiency with one or more programming languages, preferably Java, Go, Python or C/C++
  • Ability to perform manual source code reviews in one of the aforementioned languages, or assisted review with code analysis tools such as Fortify and CodeQL
  • Experience navigating and working with extremely large codebases is also highly desirable
  • Experience using common security assessment tools and techniques in one or more of the following categories:
    • Mobile Application Assessment (iOS / Android)
    • Reverse Engineering (e.g. IDA Pro/Ghidra/Radare2)
    • Fuzzing (e.g. Jazzer/AFL/Peach)
    • Web Application assessment (e.g. BurpSuite Proxy, ZAP, REST API testing)
  • Knowledge of common vulnerabilities in different types of software and programming languages, including:
    • How to test for/exploit them
    • Real-world mitigations that can be applied
    • Familiarity with vulnerability classification frameworks (e.g. OWASP Top 10)

Required Soft Skills

  • Aptitude for self-study, setting and achieving long-term goals (for example, learning an unfamiliar programming language)
  • Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
  • Excellent organizational, presentation, verbal, and written communication skills

Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.

As a member of the software engineering division, you will take an active role in the definition and evolution of standard practices and procedures. You will be responsible for defining and developing software for tasks associated with the developing, designing and debugging of software applications or operating systems.

Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Leading contributor individually and as a team member, providing direction and mentoring to others. BS or MS degree or equivalent experience relevant to functional area. 7 years of software engineering or related experience.
