Security Researcher II - Risk Research Akamai Technologies
Cambridge, MA

Job Description

Overview

Akamai's InfoSec Team safeguards the security of the business, from production systems to customer product security. We provide advice, review, expertise, and support to organizations across Akamai. We design and debug control systems, organize security solutions, investigate and respond to security incidents, conduct compliance audits. We combine backgrounds in engineering, mathematics, computer science, biochemistry, and linguistics to solve complex problems. We value knowledge of all kinds and expect mutual sharing with all of our colleagues, emphasizing kindness and respect both inside and outside the team.

As a Security Researcher 2, your responsibilities will include:

* Review designs with more senior members of InfoSec staff
* Analyze systems for safety, security, and resilience issues; and propose and help develop solutions
* Aid architects in product team engagements
* Respond to security incidents as incident manager or subject matter expert
* Identify research opportunities, make hypotheses, design and carry out experiments, draw conclusions, and present results inside and outside InfoSec

Responsibilities specific to the Risks Project include:

* Analyze data to identify, classify, categorize, and track sources of technical risk
* Work with a database development team to iterate on data structure design as it applies to information needed to track, classify, and categorize risks.
* Work with the Risks Project Lead and other stakeholders to develop reporting strategies to consumers of the output of the Risks Project.

About the Team

The Architect Studio is an InfoSec team for growing and developing security researchers. Studio members work with architects and product teams to improve the safety and security of products and services. Studio members have the latitude to explore research projects to better understand Akamai, to dispel myths, and to generally improve our systems. Initial work for this position will involve a project geared toward identifying and tracking sources of technical risk.

About the Risks Project

The risks project is geared toward analyzing and synthesizing the outputs of multiple processes that identify both risks and issues into digestible reports for engineering decision makers. The goal is to inform these decision makers of their risk environment in order to enable them to make safer engineering decisions.

Qualifications

Required Education and Experience

Bachelor's degree in engineering, mathematics, statistics, computer science, or related field plus 5 years of experience or

Master's degree in engineering, mathematics, statistics, computer science, or related field plus 3 years of experience or

Related experience and a PhD

Required Skills

* Minimum 2 years of experience in at least two programming languages, including a scripting language, and ideally including a functional language. Exposure to a wide range of language types (e.g., scripting, Unix-like, procedural, functional, high-level) is especially helpful.

Desired Skills

* Basic understanding of and interest in internet technologies and fundamental protocols such as HTTP, TCP/IP, and DNS
* Basic understanding of data analysis and an interest in expanding knowledge of data analysis as applied to understanding indicators of risk.
* Intellectual curiosity: wanting to know how and why things work, and how to improve them
* Optimism: seeing obstacles as challenges and problems as ways to make things better
* Flexibility: ability to handle an environment that shifts (sometimes suddenly) between leisurely and fast-paced
* Humility: knowing that there is always more to know, and being willing to learn from others
* Systems thinking: being able to identify the key factors in a system and to reason about the system without needing all the low-level details
* Safety and security thinking: understanding the difference between random and targeted failures, seeing how things can go wrong (or almost go wrong), and figuring out how to protect against these scenarios
* Adversarial thinking: understanding the system through the eyes of a party who wishes to disable, destroy, exploit, or just plain mess with it, and being able to convert those insights into ways to increase the resilience of the system against such attacks
* Hands-on experimentation: being unafraid to try ideas and evaluate their effectiveness
* Problem framing: being able to identify if the question being asked is the right one, and if not, to be able to ask the right questions
* Interpersonal skills: getting along with coworkers and colleagues, even when (especially when) incentives encourage an adversarial relationship; knowing who and how to influence; being able to act with diplomacy and tact; and displaying active kindness
* Perspective: understanding and making tradeoffs; picking battles well; using political capital wisely; and seeing beyond the immediate problem to work towards long-term goals
* Communication: Expressing oneself clearly, independent of medium (e.g., text, slides, oral presentations), and being able to tailor a message in structure, style, and content to the audience receiving it
* Technical maturity: Being comfortable working with technical information, including design documents, (incomplete) system documentation, source code, and configuration data