Our Mission
Securing the software that powers your world. At Veracode, we are focused on that mission every day. Veracode is recognized as a premier provider of SaaS-based application security solutions, transforming the way companies secure applications in today's software-driven world. We provide our customers with a solid foundation on which to build security into their modern agile development processes.
Role Overview / Description
We are seeking a Principal Security Researcher to join Veracode's Applied Research Group. The Principal Security Researcher will lead research projects for improving the capabilities and quality of Veracode's Static Application Security Testing (SAST) products by designing detection techniques for classes of software vulnerabilities as well as helping to model automated security improvements to applications based on those findings. They will also conduct original security research to give back to the community and advance its knowledge.
Principal Security Researchers enjoy working independently to solve novel and sometimes difficult technical problems and are able to quickly learn about the security posture and attack surface of programming languages, libraries, and frameworks, even without prior experience using them. They work methodically and comprehensively, and can clearly and effectively communicate technical information to developers and security practitioners. Principal Security Researchers must be able to drive security decisions and collaborate effectively with developers who implement their research.
- Conduct research to identify potential weaknesses and security vulnerabilities in software across a variety of programming languages, platforms, frameworks, and libraries
- Describe vulnerabilities and potential exploits, and produce proofs of concept and representative examples to aid engineering teams in building product capabilities
- Engage in binary and source static analysis/reverse-engineering of applications
- Conduct research to improve automation, accuracy, and efficiency of detection techniques and related systems
- Contribute expertise to Veracode's customer- and public-facing documentation to ensure information is current, accurate, and actionable
- Mentor and provide technical guidance to developers and researchers
- Actively participate in the software security community by attending and presenting at industry conferences, conducting and publishing original research, contributing articles to the Veracode blog and/or trade blogs and magazines, etc.
Key skills and experience desired:
- 3+ years of practical reverse-engineering or binary static-analysis experience, including familiarity with Abstract Syntax Trees (AST), reflection, or other code transformation approaches; compilers and associated tooling; and decompilers, disassemblers, and/or debuggers used in binary analysis
- 2+ years of practical application security experience, such as source code auditing, penetration testing, product assessment, vulnerability research
- 2+ years of practical software development experience, including some familiarity with processes and tooling used in DevOps environments (and associated tooling) and developing software as part of a team
- Prototyping ability: must be comfortable producing quick and dirty hacks to demonstrate a concept or solve a one-off problem
- Strong professional skills:
  - Attention to detail as part of a commitment to quality
  - Analytical and organizational capability for advocating, planning, and executing projects independently
  - Ability to understand technical and security issues from a customer's point of view
  - Strong written and verbal communication ability in English, especially technical writing for a developer audience
  - Comfortable communicating in code when working with developers
The following are valuable but not required:
- Experience consulting with internal or external customers
- Experience using, deploying, or customizing commercial application security products (e.g. SAST, DAST, IAST technologies)
- Experience using software project tools like git, Jira, and CI/CD automation tools
- Experience with Machine Learning (ML) and/or related analysis techniques
The Veracode Way:
We Have a Passion and Commitment for Security
We consider security in everything we do. We act to preserve the trust our customers place in us.
We Help Our Customers Change the World
We deliver peace of mind to our customers so they can focus on the pursuit of their missions.
We Have Big Goals and Expect Big Outcomes
We are results driven. We take risks, compete boldly, and deliver valuable outcomes to our customers.
We Are Committed to Making Progress Together
We collaborate with each other, our user communities, and our industry, and together lead the world forward.
We Value Each Other
We value diversity. We have empathy for each other and assume positive intent.
We Are Proud to be Veracode
We have fun together. We honor who we are and work hard to achieve our potential.
More About Working at Veracode:
Veracode is a leader in helping organizations secure the software that powers their world. Veracode's SaaS platform and integrated solutions help security teams and software developers find and fix security-related defects at all points in the software development lifecycle, before they can be exploited by hackers. Our complete set of offerings helps customers reduce the risk of data breaches, increase the speed of secure software delivery, meet compliance requirements, and cost-effectively secure their software assets, whether that's software they make, buy or sell.
Veracode serves more than 1,400 customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes' 100 Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog, on Twitter and in the Veracode Community.
At Veracode you'll have the opportunity to eliminate barriers for our customers and earn a competitive compensation and total rewards package, all while pushing the boundaries of what's possible by collaborating with a diverse team of global innovators. In short, Veracode's fun, diverse, and fast-paced culture has put us on the map as one of the best employers in Information Technology.
We offer competitive salary, company-sponsored premium Medical/Prescription & Dental Plans, company-paid Holidays, Vacation, Anniversary Service and Sick Days, 401(k) Plan, Education/Training Reimbursement, Charitable Gift Program, Adoption Assistance Program.
We are equal opportunity employers. As such, it is our corporate policy to fill positions with qualified candidates regardless of the candidate's race, color, sex, age, religion, ancestry, national origin, citizenship status, marital status, sexual orientation, gender identity, genetic information, disability, pregnancy, military status, veteran status or any other protected group status.