The Research Architect for Dynamic Application Security Testing (DAST) is responsible for overseeing the security capabilities of Veracode's dynamic scanner offerings.
* Conduct research and development for automating web application attacks.
* Conduct research for improving techniques for detection of vulnerabilities.
* Develop attack signatures for specific classes of vulnerabilities.
* Define developer-focused specifications for new attacks.
* Work with management to set priorities and goals for Veracode's DAST offerings.
* Keep up to date with the latest features in web browsers, web application development techniques, and web application vulnerabilities.
* Develop test cases to demonstrate vulnerabilities and ensure products' ability to identify them in an automated fashion.
* Actively engage with the security research community through speaking at industry conferences, publishing independent research, posting on the Veracode blog, and other means.
This is a deeply technical role that requires significant knowledge of modern web development technologies and practices. You not only understand common web vulnerabilities, but also understand how to find them in an automated fashion. You will need to follow upcoming trends and how they may have implications for security. It's also crucial that you're an effective communicator, as you'll collaborate frequently with engineers to guide them in implementing the specifications you create. You'll also need:
* 5+ years of practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits.
* 3+ years of software development experience.
* Deep understanding of common client-side and server-side web application vulnerabilities and how to exploit them (e.g. SQL injection, cross-site scripting, etc.).
* Ability to learn new programming languages and/or technologies quickly and independently.
* Ability to balance novelty of attacks with the restrictions automation demands.
* Experience with automated application security testing products (SAST, DAST, etc.) a plus.
* Genuine enthusiasm, not just aptitude, for application security. Up to 20% of your time will be allocated for independent research, and this means you'll need interesting, relevant project ideas.
* Prototyping ability - the skill to hack something together quick and dirty to solve a problem and demonstrate feasibility.
* Excellent attention to detail, quality, and customer satisfaction. Consulting experience a plus.
* Strong analytical, organizational, and technical writing skills.
* B.S. in Computer Science or equivalent industry experience.