Veracode

Senior Security Researcher

Veracode

full-time

Posted on:

Location Type: Remote

Location: MassachusettsUnited States

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

.NET

About the role

  • Conduct research to identify potential weaknesses and security vulnerabilities in C / C++ and C# / .NET applications as well as others as the need arises.
  • Describe vulnerabilities and potential exploits, and produce proofs of concept and representative examples to aid engineering teams in building product capabilities
  • Engage in binary and source static analysis/reverse-engineering of applications
  • Conduct research to improve automation, accuracy, and efficiency of detection techniques and related systems, using both our own proprietary software as well as open-source tools.
  • Contribute expertise to Veracode’s customer- and public-facing documentation to ensure information is current, accurate, and actionable
  • Mentor and provide technical guidance to developers and researchers
  • Actively participate in the software security community by attending and presenting at industry conferences, conducting and publishing original research, contributing articles to the Veracode blog and/or trade blogs and magazines, etc.

Requirements

  • 2+ years of practical reverse-engineering or binary static-analysis experience, including familiarity with Abstract Syntax Trees (AST), reflection, or other code transformation approaches; compilers and associated tooling; and decompilers, disassemblers, and/or debuggers used in binary analysis
  • 1+ years of practical application security experience, such as source code auditing, penetration testing, product assessment, vulnerability research
  • The ability to enter a “breaker” mentality – Veracode is defensively-oriented, but our research requires an offensive mindset, including the ability to assess the attack surface of a piece of software.
  • Prototyping ability – must be comfortable producing “quick and dirty hacks” to demonstrate a concept or solve a one-off problem
  • Strong professional skills:
  • Attention to detail as part of a commitment to quality
  • Analytical and organizational capability for advocating, planning, and executing projects independently
  • Ability to understand technical and security issues from a customer points of view
  • Strong written and verbal communication ability in English, especially technical writing for a developer audience.
Benefits
  • Outstanding Medical, Dental, and Vision Coverage to meet all your healthcare needs.
  • Wellness benefits to help you focus on what’s most important.
  • “Take What You Need” time off policy.
  • Extensive development and training offerings to help you grow your career at Veracode.
  • Generous 401k match to help save for your future.
  • Amazing community of professionals who take pride in what we do every day.
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
CC++C#.NETreverse engineeringbinary static analysissource code auditingpenetration testingvulnerability researchprototyping
Soft Skills
attention to detailanalytical capabilityorganizational capabilitycommunication skillstechnical writingmentoringindependent project executioncustomer perspective understanding