Our mission is to make application security and software assurance a reality, at scale. We’re a dedicated team that leverages each other’s strengths to produce cutting-edge solutions to difficult problems. Join us to grow your career and create the future of software assurance at scale.
Work You’ll Do
As a member of our team, you will be responsible for planning and delivering in-depth security assessments across a variety of products and services. Your next project could be anything from static and dynamic analysis of a multi-node infrastructure, to writing a fuzzer for an undocumented network protocol or the grammar of a new programming language. Other responsibilities include:
* Scope and execute in-depth security assessments and vulnerability research across a broad range of on-premise software, cloud services, and infrastructure.
* Perform in-depth security assessments using results from static and dynamic analysis.
* Create testing tools to help teams identify security-related weaknesses.
* Collaborate with teams to help them triage and fix security issues.
What You’ll Bring
* Bachelor’s or Master’s degree in Computer Science or related field (e.g. Electrical Engineering).
* 2+ years industry experience in one or more of the following areas: software/product security assessments, penetration testing, red teaming, web application assessments.
* Aptitude for self-study, setting and achieving long-term goals (for example, learning an unfamiliar programming language).
* Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff.
* Excellent organizational, presentation, verbal, and written communication skills.
* This role does not require access to a cleared work environment. Security clearances are not required, and active clearances cannot be sponsored.
Nice to Have
* Proficiency with multiple programming languages, preferably Go, Java, Python, or C/C++.
* 5+ years industry experience in software development.
* Ability to perform manual source code reviews in one of the aforementioned languages, or assisted review with code analysis tools.
* Hands-on experience in one or more of the following with an interest in doing full-time research: cybersecurity consulting, security engineering, vulnerability management, risk assessments, bug bounty hunting, malware analysis, forensics.
* OSCP, OSWE certification, or interest in achieving certification.
* Experience navigating and working with extremely large codebases is also highly desirable.
* Experience using common security assessment tools and techniques in one or more of the following categories: Mobile Application Assessment (iOS / Android), Reverse Engineering (e.g. IDA Pro/Ghidra/Radare2), Fuzzing (e.g. Jazzer/AFL/Peach), Web Application assessment (e.g. Burp Suite Proxy, ZAP, REST API testing).
* Proficiency in manual penetration testing in at least TWO or more of the following areas - Mobile, API, Infrastructure, OS, Web Application.
* Knowledge of common vulnerabilities in different types of software and programming languages, including: how to test for/exploit them, real-world mitigations that can be applied.
* Familiarity with vulnerability classification frameworks (e.g. OWASP Top 10, CVSS, MITRE CVE).
* Ability to threat model systems/applications/platforms to assess design and find flaws that can be exploited.
What We’ll Give You
* A team of very skilled and diverse personnel across the globe.
* Ability to work in a hybrid work environment.
* Exposure to mind-blowing large-scale cutting-edge systems.
* The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day.
* Develop new skills and competencies working with our vast cloud product offerings.
* Ongoing extensive training and skills development support to further your career aspirations.
* Incredible benefits and company perks.
* An organization filled with smart, enthusiastic, and motivated colleagues.
* The opportunity to impact and improve our systems and delight our customers.
#J-18808-Ljbffr