The Security Researcher is responsible for determining how to detect vulnerabilities in software using automated static analysis. The Research team’s main responsibility is to make sure our application scanning technology is as comprehensive and accurate as possible.
Research the vulnerabilities commonly introduced into software across a variety of programming languages, platforms, and frameworks.
Create rules, attack patterns, and test cases to describe vulnerability detection techniques.
Conduct directed internal research projects aimed at improving automation, accuracy, efficiency, and security of the analysis engine or other components of the Veracode platform.
Assess Veracode’s security analysis capabilities against available manual and automated techniques.
Contribute content to the Knowledge Center to ensure the Veracode platform provides customers with current, accurate, and actionable information.
Perform software security research to discover new vulnerabilities and novel detection techniques for existing vulnerabilities.
Engage in “thought leadership” activities such as posting on the Veracode blog, speaking at industry conferences, or writing whitepapers.
Provide mentoring and technical guidance to Application Security Analysts.
You should love tackling difficult problems, and you should be able to learn new things quickly and independently. You may be asked produce security requirements for a language or development framework that you’ve had no past experience with, and you will need to do so methodically and comprehensively. It’s also crucial that you’re an effective communicator, as you’ll collaborate frequently with our engineers to guide them in implementing the specifications you create.
You’ll also need:
Genuine enthusiasm, not just aptitude, for application security.
A “breaker” mentality; Veracode is on the defensive side of the application security game, but we believe attackers make the best defenders.
5+ years of practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits.
Familiarity with Java, C#, and enterprise-grade web development architectures (J2EE and ASP.NET).
Coding ability – not necessarily commercial development experience, but rather the ability to hack something together to solve a problem.
Excellent attention to detail, quality, and customer satisfaction. Former consulting experience is a plus, because occasionally you’ll interact directly with customers.
Strong analytical, organizational, and technical writing skills.
Ability to work effectively in a fast-paced, high energy startup environment.
B.S. in Computer Science or equivalent work experience.