As a research engineer you will work closely with the Veracode engineering team to research and maintain our vulnerability database. You will also help identify new vulnerability data sources and implement processes to improve the quality of our data. As part of this team you will get the opportunity to work on improving the state of security in open-source code. We provide a great engineering culture and give a lot of autonomy to individuals to work on interesting problems relevant to our business that can have a big impact.
- Review incoming commits, emails, and bug reports to look for vulnerabilities in open source libraries
- Triage the newest vulnerabilities released
- Track library release notes and associated security bulletins
- Publish high quality vulnerability advisories with exploit information, details about risk, and mitigation/workaround details
- Develop tools and techniques to identify new vulnerabilities and analyze vulnerable methods
- Perform risk assessments on vulnerabilities identified, then describe the risk posed to customers
- Use in-house tooling and/or custom tooling to do low probability, high payoff moonshot style research into the most popular libraries
- Other activities relating to security research around library vulnerabilities
- BS/MS in Computer Science or related field, or relevant industry experience is required
- 0-2 years’ experience in vulnerability analysis
- Knowledge of package management systems such as Maven, RubyGems or npm
- Knowledge of software security vulnerability types and common attack methods
- A strong ownership attitude and a track record of taking responsibility for problems, deadlines, and SLAs
- Strong problem solving and communication skills
- Strong written (English) and verbal communication skills necessary for writing up vulnerability publications
- Familiarity working in an environment that heavily utilizes cloud services and cloud-based infrastructure
- Experience working as a security researcher,
- Enjoys working on low probability but huge payoff research problems
- Familiarity working in an environment with strict security requirements
More About Working at Veracode
Veracode, an application security business, is a leader in helping organizations secure the software that powers their world. Veracode’s SaaS platform and integrated solutions help security teams and software developers find and fix security-related defects at all points in the software development lifecycle, before they can be exploited by hackers. Our complete set of offerings helps customers reduce the risk of data breaches, increase the speed of secure software delivery, meet compliance requirements, and cost-effectively secure their software assets, whether that’s software they make, buy or sell.
Veracode serves more than 1,400 customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog, on Twitter and in the Veracode Community.
At Veracode you’ll have the opportunity to eliminate barriers for our customers and earn a competitive compensation and total rewards package – all while pushing the boundaries of what’s possible by collaborating with a diverse team of global innovators. In short, Veracode’s fun, diverse, and fast-paced culture has put us on the map as one of the best employers in Information Technology.
We offer competitive salary, company-sponsored premium Medical/Prescription & Dental Plans, company-paid Holidays, Vacation, Anniversary Service and Sick Days, 401(k) Plan, Education/Training Reimbursement, Charitable Gift Program, Adoption Assistance Program.
We are equal opportunity employers. As such, it is our corporate policy to fill positions with qualified candidates regardless of the candidate’s race, color, sex, age, religion, ancestry, national origin, citizenship status, marital status, sexual orientation, gender identity, genetic information, disability, pregnancy, military status, veteran status or any other protected group status.
Copyright © 2018 Veracode, Inc. All rights reserved. All other brand names, product names, or trademarks belong to their respective holders.