Senior Security Researcher

Senior Security Researcher

We are seeking a Senior Security Researcher to join Veracode’s Applied Research Group. The Senior Security Researcher will lead research projects for improving the capabilities and quality of Veracode’s Static Application Security Testing (SAST). They will also conduct original security research to give back to the community and advance its knowledge.

What you will be responsible for:

• Conduct research to identify potential weaknesses and security vulnerabilities in C / C++ and C# / .NET applications  as well as others as the need arises.
• Describe vulnerabilities and potential exploits, and produce proofs of concept and representative examples to aid engineering teams in building product capabilities
• Engage in binary and source static analysis/reverse-engineering of applications
• Conduct research to improve automation, accuracy, and efficiency of detection techniques and related systems, using both our own proprietary software as well as open-source tools.
• Contribute expertise to Veracode’s customer- and public-facing documentation to ensure information is current, accurate, and actionable
• Mentor and provide technical guidance to developers and researchers
• Actively participate in the software security community by attending and presenting at industry conferences, conducting and publishing original research, contributing articles to the Veracode blog and/or trade blogs and magazines, etc.

Required Skills:

• 2+ years of practical reverse-engineering or binary static-analysis experience, including familiarity with Abstract Syntax Trees (AST), reflection, or other code transformation approaches; compilers and associated tooling; and decompilers, disassemblers, and/or debuggers used in binary analysis
• 1+ years of practical application security experience, such as source code auditing, penetration testing, product assessment, vulnerability research
• The ability to enter a “breaker” mentality – Veracode is defensively-oriented, but our research requires an offensive mindset, including the ability to asses the attack surface of a piece of software.
• Prototyping ability – must be comfortable producing “quick and dirty hacks” to demonstrate a concept or solve a one-off problem
• Strong professional skills:
• Attention to detail as part of a commitment to quality
• Analytical and organizational capability for advocating, planning, and executing projects independently
• Ability to understand technical and security issues from a customer points of view
• Strong written and verbal communication ability in English, especially technical writing for a developer audience

What we offer you: 

• Outstanding Medical, Dental, and Vision Coverage to meet all your healthcare needs. 
• Wellness benefits to help you focus on what’s most important.
• “Take What You Need” time off policy.
•  Extensive development and training offerings to help you grow your career at Veracode.
• Generous 401k match to help save for your future.
• Amazing community of professionals who take pride in what we do every day.

Compensation Transparency

In accordance with U.S. pay transparency laws, Veracode provides compensation transparency for roles based in the United States. Click here to view our compensation ranges by grade. Please note, specific compensation may be influenced by various factors including candidates experience, education, and work location.

Job Grade: Senior

Employment opportunities are available to all applicants without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.