Principal Security Researcher

Veracode
Full time
Software Development
United States
Hiring from: Anywhere




  • Remote


Our Mission: Securing the software that powers your world. At Veracode, we are focused on that mission every day. Veracode is recognized as a premier provider of SaaS-based application security solutions, transforming the way companies secure applications in today’s software-driven world. We provide our customers with a solid foundation on which to build security into their modern agile development processes.


We are seeking a Principal Security Researcher to join Veracode’s Applied Research Group. The Principal Security Researcher will lead research projects for improving the capabilities and quality of Veracode’s automated software security testing products by designing detection techniques for software vulnerabilities. They will also conduct original security research to give back to the community and advance its knowledge.


Key responsibilities



  • Conduct research to identify potential weaknesses and security vulnerabilities in software across a variety of programming languages, platforms, frameworks, and libraries. Describe vulnerabilities and potential exploits, produce proofs of concept and representative examples to aid engineering teams in building automated detection

  • Prototype detection algorithms and perform binary analysis/reverse-engineering as needed

  • Conduct research to improve automation, accuracy, and efficiency of detection techniques and related systems

  • Contribute expertise to Veracode’s customer- and public-facing documentation to ensure information is current, accurate, and actionable

  • Mentor and provide technical guidance to developers and researchers

  • Actively participate in the software security community by attending and presenting at industry conferences, conducting and publishing original research, contributing articles to the Veracode blog and/or trade blogs and magazines, etc.


Candidate Description


Principal Security Researchers enjoy working independently to solve novel and sometimes difficult technical problems and are able to quickly learn about the security posture and attack surface of programming languages, libraries, and frameworks, even without prior experience using them. They work methodically and comprehensively, and can clearly and effectively communicate technical information to developers and security practitioners. Principal Security Researchers must be able to collaborate effectively with developers who implement their research.


Key skills and experience desired:



  • 7+ years of software or technology work experience, including at least:

      • 3+ years of practical application security work experience, such as source code auditing, penetration testing, product assessment, vulnerability research, reverse engineering, and/or other related pursuits

      • 2+ years of practical software development experience, either in a commercial setting or through a portfolio of personal projects

  • The ability to enter a breaker mentality: Veracode is defensively oriented, but our research work requires an offensive mindset, including the ability to assess the attack surface of a piece of software

  • Prototyping ability: you must be comfortable producing quick and dirty hacks to demonstrate a concept or solve a one-off problem

  • Strong professional skills:

      • Attention to detail as part of a commitment to quality

      • Analytical and organizational capability for advocating, planning, and executing projects independently

      • Ability to understand technical and security issues from a customer point of view

      • Strong written communication ability, especially technical writing


The following are valuable but not required:



  • Experience consulting with internal or external customers

  • Deep familiarity with some popular languages and frameworks, especially those commonly used for enterprise (e.g. Java, C#.NET), mobile (e.g. Kotlin, Swift), rapid web (e.g. Node.js, Angular and other browser-side frameworks), and automation (e.g. Python, Golang, Scala) applications

  • Experience using, deploying, or customizing commercial application security products (e.g. SAST, DAST, IAST technologies)

  • Experience using software project tools like git, Jira, and CI/CD automation tools


The Veracode Way:


We Have a Passion and Commitment for Security

We consider security in everything we do. We act to preserve the trust our customers place in us.


We Help Our Customers Change the World

We deliver peace of mind to our customers so they can focus on the pursuit of their missions.


We Have Big Goals and Expect Big Outcomes

We are results driven. We take risks, compete boldly, and deliver valuable outcomes to our customers.


We Are Committed to Making Progress Together

We collaborate with each other, our user communities, our industry and together lead the world forward.


We Value Each Other

We value diversity. We have empathy for each other and assume positive intent.


We Are Proud to be Veracode

We have fun together. We honor who we are and work hard to achieve our potential.


More About Working at Veracode:


Veracode is a leader in helping organizations secure the software that powers their world. Veracode’s SaaS platform and integrated solutions help security teams and software developers find and fix security-related defects at all points in the software development lifecycle, before they can be exploited by hackers. Our complete set of offerings helps customers reduce the risk of data breaches, increase the speed of secure software delivery, meet compliance requirements, and cost-effectively secure their software assets, whether that’s software they make, buy or sell.


Veracode serves more than 1,400 customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog, on Twitter and in the Veracode Community.


At Veracode you’ll have the opportunity to eliminate barriers for our customers and earn a competitive compensation and total rewards package all while pushing the boundaries of what’s possible by collaborating with a diverse team of global innovators. In short, Veracode’s fun, diverse, and fast-paced culture has put us on the map as one of the best employers in Information Technology.


We offer competitive salary, company-sponsored premium Medical/Prescription & Dental Plans, company-paid Holidays, Vacation, Anniversary Service and Sick Days, 401(k) Plan, Education/Training Reimbursement, Charitable Gift Program, Adoption Assistance Program.

