Your next project could be anything from secure systems design, static and dynamic analysis of a multi-node Java infrastructure, to writing a fuzzer for an undocumented network protocol or the grammar of a new programming language, to analysis and reverse engineering of firmware used in the thousands of servers supporting our cloud services. Other responsibilities include:
* Design and evaluate complex systems for computer security
* Scope and execute security assessments and vulnerability research
* Perform in-depth security assessments using results from static and dynamic analysis
* Create testing tools to help engineering teams identify security-related weaknesses
* Collaborate with engineering teams to help them triage and fix security issues
* Mentor members of the team in computer and software security as a role model and team leader
Career Level - IC5
What You’ll Bring
* Bachelor’s or Master’s degree in Computer Science or related field (e.g. Electrical Engineering)
* 15+ years of relevant experience in one or more of the following areas: software/product security assessments, penetration testing, red teaming, web application assessments
* Interest in vulnerability research and exploit development; past experience leading groups of 5-10 engineers is required
* Understanding of operating systems, CPU instruction sets and their associated security designs
* Understanding of exploit mitigations (DEP, ASLR, CFG, PAC, CET, etc.)
* Demonstrable experience in designing and evaluating complex systems for security
* Aptitude for self-study, setting and achieving long term goals (for example, learning an unfamiliar programming language)
* Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
* Excellent organizational, presentation, verbal, and written communication skills; as mentioned before, you will be the leader of a team and be presenting your findings and reports while authoring large bodies of evidence – strong writing skills are required
Nice to Have
* Experience working in a large cloud or Internet software company
* Proficiency with multiple programming languages, preferably Go, Java, Python or C/C++
* Ability to perform manual source code reviews in one of the aforementioned languages, or assisted review with code analysis tools such as CodeQL
* Experience navigating and working with extremely large codebases is also highly desirable
* Experience using common security assessment tools and techniques in one or more of the following categories:
  * Mobile Application Assessment (iOS / Android)
  * Reverse Engineering (e.g. IDA Pro/Ghidra/Frida)
  * Fuzzing (e.g. Jazzer/AFL/Peach)
  * Web Application assessment (e.g. Burp Suite Proxy, ZAP, REST API testing)
* Proven experience with security research including any published CVEs
* Experience developing proof of concept exploits bypassing modern exploit mitigations
* Active participant or organiser of Capture The Flag competitions
* Knowledge of common vulnerabilities in different types of software and programming languages, including:
  * How to test for/exploit them
  * Real world mitigations that can be applied
* Familiarity with vulnerability classification frameworks (e.g. OWASP Top 10, CVSS, MITRE CVE)
What We’ll Give You
* A team of very skilled and diverse personnel across the globe
* Ability to work in a hybrid work environment
* Exposure to mind-blowing large-scale cutting-edge systems
* The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day
* Develop new skills and competencies working with our vast cloud product offerings
* Ongoing extensive training and skills development to further your career aspirations
* Incredible benefits and company perks
* An organization filled with smart, enthusiastic, and motivated colleagues