Security Engineer

Boston, MA, United States

Description

The security engineer will join a team of application security experts in Security Innovation's Boston office as they assess the security of software systems for Security Innovation's global client base of technology vendors and enterprise IT organizations. Successful candidates will be experts in application security design and code review, application security testing and application security research. The ideal candidate has a strong involvement in the software security community and is passionate about software and security while at work and on personal time.

A successful candidate will be well versed and capable in the following areas:

  • Application penetration testing
  • Manual and/or automated code analysis
  • Strong development skills
  • Deep security research background
  • Experience with customer technology assessment and security risk analysis

Responsibilities:

  • Work closely with other application security engineers to perform reviews and tests on web and conventional applications, as well as embedded, firmware, mobile and more
  • Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications
  • Create threat models that result in more secure application design
  • Design and develop security testing scenarios
  • Analyze and present results of testing to team members, managers and customers
  • Write detailed problem reports, test plan documents and mitigation recommendations as needed
  • Develop tools to aid penetration test automation and effectiveness
  • Review code for common security vulnerabilities

Qualifications:

  • Minimum 2-3 years' experience in the field of application security
  • B.S. degree in Computer Science or equivalent experience
  • Strong knowledge of application design, development and testing techniques
  • Knowledge of specific attack types and common security bug categories
  • Knowledge of a variety of programming languages (C/C++, Java/J2EE, .NET, ASM)
  • Strong capacity for debugging application and security issues
  • Thorough knowledge of the Windows OS (XP, NT, Win2K etc.) and/or Linux and Unix variants