Veracode
Employee
TELECOMMUTE – US National
1/13/21
Job Description
Principal Security Researcher
Remote
Our Mission: Securing the software that powers your world. At Veracode, we are focused on that mission every day. Veracode is recognized as a premier provider of SaaS-based application security solutions, transforming the way companies secure applications in today’s software-driven world. We provide our customers with a solid foundation on which to build security into their modern agile development processes.
We are seeking a Principal Security Researcher to join Veracode’s Applied Research Group. The Principal Security Researcher will lead research projects for improving the capabilities and quality of Veracode’s automated software security testing products by designing detection techniques for software vulnerabilities. They will also conduct original security research to give back to the community and advance its knowledge.
Key responsibilities
Conduct research to identify potential weaknesses and security vulnerabilities in software across a variety of programming languages, platforms, frameworks, and libraries. Describe vulnerabilities and potential exploits, produce proofs of concept and representative examples to aid engineering teams in building automated detection
Prototype detection algorithms and perform binary analysis/reverse-engineering as needed
Conduct research to improve automation, accuracy, and efficiency of detection techniques and related systems
Contribute expertise to Veracode’s customer- and public-facing documentation to ensure information is current, accurate, and actionable
Mentor and provide technical guidance to developers and researchers
Actively participate in the software security community by attending and presenting at industry conferences, conducting and publishing original research, contributing articles to the Veracode blog and/or trade blogs and magazines, etc.
Candidate Description
Principal Security Researchers enjoy working independently to solve novel and sometimes difficult technical problems and are able to quickly learn about the security posture and attack surface of programming languages, libraries, and frameworks, even without prior experience using them. They work methodically and comprehensively, and can clearly and effectively communicate technical information to developers and security practitioners. Principal Security Researchers must be able to collaborate effectively with developers who implement their research.
Key skills and experience desired:
7+ years of software or technology work experience, including at least:
3+ years of practical application security work experience, such as source code auditing, penetration testing, product assessment, vulnerability research, reverse engineering, and/or other related pursuits
2+ years of practical software development experience, either in a commercial setting or through a portfolio of personal projects
The ability to enter a breaker mentality: Veracode is defensively-oriented, but our research work requires an offensive mindset, including the ability to assess the attack surface of a piece of software
Prototyping ability: you must be comfortable producing quick and dirty hacks to demonstrate a concept or solve a one-off problem
Strong professional skills:
Attention to detail as part of a commitment to quality
Analytical and organizational capability for advocating, planning, and executing projects independently
Ability to understand technical and security is…
To apply for this job please visit www.veracode.com.