Security Research Architect
Company: Veracode
Location: Burlington, MA 01803
Description:
The Research Architect for Dynamic Application Security Testing (DAST) is responsible for overseeing the security capabilities of Veracode's dynamic scanner offerings.
Responsibilities
Conduct research and development for automating web application attacks.
Conduct research for improving techniques for detection of vulnerabilities.
Develop attack signatures for specific classes of vulnerabilities.
Define developer-focused specifications for new attacks.
Work with management to set priorities and goals for Veracode's DAST offerings.
Keep up to date with the latest features in web browsers, web application development techniques, and web application vulnerabilities.
Develop test cases to demonstrate vulnerabilities and ensure products' ability to identify them in an automated fashion.
Actively engage with the security research community through speaking at industry conferences, publishing independent research, posting on the Veracode blog, and other means.
Skills & Requirements
This is a deeply technical role that requires significant knowledge around modern web development technologies and practices. You not only understand common web vulnerabilities, but understand how to find them in an automated fashion. You will need to follow upcoming trends and how they may have implications for security. It's also crucial that you're an effective communicator, as you'll collaborate frequently with engineers to guide them in implementing the specifications you create. You'll also need:
5+ years of practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits.
3+ years of software development experience.
Deep understanding of web browsers (e.g. security features, DOM, JavaScript, etc.).
Deep understanding of common client side and server side web application vulnerabilities and how to exploit them (e.g. SQL injection, cross-site scripting, etc.).
Ability to learn new programming languages and/or technologies quickly and independently.
Ability to balance novelty of attacks with the restrictions automation demands.
Experience with automated application security testing products (SAST, DAST, etc.) a plus.
Genuine enthusiasm, not just aptitude, for application security. Up to 20% of your time will be allocated for independent research, and this means you'll need interesting, relevant project ideas.
Prototyping ability - the skill to hack something together quick and dirty to solve a problem and demonstrate feasibility.
Excellent attention to detail, quality, and customer satisfaction. Consulting experience a plus.
Strong analytical, organizational, and technical writing skills.
B.S. in Computer Science or equivalent industry experience.
Careers
Veracode was founded by world-class security experts - and it continues to attract top problem solvers in the industry. We take pride in the diverse and electrifying culture our employees create. With personnel located across the United States and around the world, we boast a new and exciting approach to how we do business. Our collaborative environment fosters learning and growth within our employees through friendly discussions, hackathon projects and everyday interactions.
At Veracode, we offer a fundamentally different approach to application-layer security - one that's simpler and more scalable than legacy on-premises approaches. Our subscription-based service combines a powerful, cloud-based platform with deep security expertise and best practices for managing enterprise-wide governance programs so that enterprises can speed their innovations to market - without sacrificing security. It's all of these things combined with a little food and a lot of fun that make Veracode a great place to work.