Security Research Architect

Veracode

$120K — $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of application security experience across diverse domains like penetration testing and vulnerability research.
  • 3+ years of software development experience.
  • In-depth understanding of web browsers and their security features.
  • Strong grasp of web application vulnerabilities and exploitation techniques.
  • Ability to quickly learn new programming languages and technologies.

Responsibilities

  • Conduct research for automating web application attacks.
  • Develop methods for improved detection of vulnerabilities.
  • Create attack signatures for various vulnerability classes.
  • Define specifications for new attack methodologies aimed at developers.
  • Collaborate with management to prioritize DAST offerings.
  • Stay informed about trends in web development and security.
  • Engage with the security research community through conferences and publications.

Benefits

  • Opportunity for independent research with 20% of time allocated for your projects.
  • Collaborative environment that encourages communication with engineers and peers.
  • Involvement in speaking at industry conferences and contributing to relevant publications.
  • Potential for remote work or flexible schedules to accommodate innovative research pursuits.
Full Job Description
The Research Architect for Dynamic Application Security Testing (DAST) is responsible for overseeing the security capabilities of Veracode's dynamic scanner offerings.

Responsibilities
• Conduct research and development for automating web application attacks.
• Conduct research for improving techniques for detection of vulnerabilities.
• Develop attack signatures for specific classes of vulnerabilities.
• Define developer focused specifications for new attacks.
• Work with management to set priorities and goals for Veracode's DAST offerings.
• Keep up to date with the latest features in web browsers, web application development techniques, and web application vulnerabilities.
• Develop test cases to demonstrate vulnerabilities and ensure products' ability to identify them in an automated fashion.
• Actively engage with the security research community through speaking at industry conferences, publishing independent research, posting on the Veracode blog, and other means.

Skills & Requirements

This is a deeply technical role that requires significant knowledge around modern web development technologies and practices. You not only understand common web vulnerabilities, but understand how to find them in an automated fashion. You will need to follow upcoming trends and how they may have implications for security. It's also crucial that you're an effective communicator, as you'll collaborate frequently with engineers to guide them in implementing the specifications you create. You'll also need:
• 5+ years of practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits.
• 3+ years of software development experience.
• Deep understanding of web browsers (i.e. security features, DOM, JavaScript, etc.).
• Deep understanding of common client side and server side web application vulnerabilities and how to exploit them (e.g. SQL injection, cross-site scripting, etc.).
• Ability to learn new programming languages and/or technologies quickly and independently
• Ability to balance novelty of attacks with the restrictions automation demands.
• Experience with automated application security testing products (SAST, DAST, etc.) a plus.
• Genuine enthusiasm, not just aptitude, for application security. Up to 20% of your time will be allocated for independent research, and this means you'll need interesting, relevant project ideas.
• Prototyping ability - the skill to hack something together quick and dirty to solve a problem and demonstrate feasibility.
• Excellent attention to detail, quality, and customer satisfaction. Consulting experience a plus.
• Strong analytical, organizational, and technical writing skills.
• B.S. in Computer Science or equivalent industry experience.

Similar Jobs

More Jobs at Veracode

More Information Technology Jobs

Find similar Security Research Architect jobs: