Principal Security Researcher

Veracode

We are seeking a Principal Security Researcher to join Veracode’s Applied Research Group. The Principal Security Researcher will lead research projects for improving the capabilities and quality of Veracode’s automated software security testing products by designing detection techniques for software vulnerabilities. They will also conduct original security research to give back to the community and advance its knowledge.

Key responsibilities

  • Conduct research to identify potential weaknesses and security vulnerabilities in software across a variety of programming languages, platforms, frameworks, and libraries. Describe vulnerabilities and potential exploits, and produce proofs of concept and representative examples to aid engineering teams in building automated detection.
  • Prototype detection algorithms and perform binary analysis/reverse-engineering as needed
  • Conduct research to improve automation, accuracy, and efficiency of detection techniques and related systems
  • Contribute expertise to Veracode’s customer- and public-facing documentation to ensure information is current, accurate, and actionable
  • Mentor and provide technical guidance to developers and researchers
  • Actively participate in the software security community by attending and presenting at industry conferences, conducting and publishing original research, contributing articles to the Veracode blog and/or trade blogs and magazines, etc.

Candidate Description

Principal Security Researchers enjoy working independently to solve novel and sometimes difficult technical problems and are able to quickly learn about the security posture and attack surface of programming languages, libraries, and frameworks, even without prior experience using them. They work methodically and comprehensively, and can clearly and effectively communicate technical information to developers and security practitioners. Principal Security Researchers must be able to collaborate effectively with developers who implement their research.

Key skills and experience desired:

  • 7+ years of software or technology work experience, including at least:
      • 3+ years of practical application security work experience, such as source code auditing, penetration testing, product assessment, vulnerability research, reverse engineering, and/or other related pursuits
      • 2+ years of practical software development experience, either in a commercial setting or through a portfolio of personal projects
  • The ability to enter a breaker mentality: Veracode is defensively-oriented, but our research work requires an offensive mindset, including the ability to assess the attack surface of a piece of software
  • Prototyping ability: you must be comfortable producing quick and dirty hacks to demonstrate a concept or solve a one-off problem
  • Strong professional skills:
      • Attention to detail as part of a commitment to quality
      • Analytical and organizational capability for advocating, planning, and executing projects independently
      • Ability to understand technical and security issues from a customer point of view
      • Strong written communication ability, especially technical writing

The following are valuable but not required:

  • Experience consulting with internal or external customers
  • Deep familiarity with some popular languages and frameworks, especially those commonly used for enterprise (e.g. Java, C#.NET), mobile (e.g. Kotlin, Swift), rapid web (e.g. Node.js, Angular, and other browser-side frameworks), and automation (e.g. Python, Golang, Scala) applications
  • Experience using, deploying, or customizing commercial application security products (e.g. SAST, DAST, IAST technologies)
  • Experience using software project tools like git, Jira, and CI/CD automation tools

The Veracode Way:

We Have a Passion and Commitment for Security
We consider security in everything we do. We act to preserve the trust our customers place in us.

We Help Our Customers Change the World
We deliver peace of mind to our customers so they can focus on the pursuit of their missions.

We Have Big Goals and Expect Big Outcomes
We are results driven. We take risks, compete boldly, and deliver valuable outcomes to our customers.

We Are Committed to Making Progress Together
We collaborate with each other, our user communities, and our industry, and together lead the world forward.

We Value Each Other
We value diversity. We have empathy for each other and assume positive intent.

We Are Proud to be Veracode
We have fun together. We honor who we are and work hard to achieve our potential.

More About Working at Veracode:

Veracode is a leader in helping organizations secure the software that powers their world. Veracode’s SaaS platform and integrated solutions help security teams and software developers find and fix security-related defects at all points in the software development lifecycle before they can be exploited by hackers. Our complete set of offerings helps customers reduce the risk of data breaches, increase the speed of secure software delivery, meet compliance requirements, and cost-effectively secure their software assets, whether that’s software they make, buy, or sell.

Veracode serves more than 1,400 customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks, and more than 20 of Forbes’ 100 Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog, on Twitter, and in the Veracode Community.

At Veracode, you’ll have the opportunity to eliminate barriers for our customers and earn a competitive compensation and total rewards package all while pushing the boundaries of what’s possible by collaborating with a diverse team of global innovators. In short, Veracode’s fun, diverse, and fast-paced culture has put us on the map as one of the best employers in Information Technology.

We offer competitive salary, company-sponsored premium Medical/Prescription & Dental Plans, company-paid Holidays, Vacation, Anniversary Service and Sick Days, 401(k) Plan, Education/Training Reimbursement, Charitable Gift Program, Adoption Assistance Program.