Security Engineer - Cryptography Specialist

September 20

Apply Now

Receive Emails with Similar Jobs

Security Innovation

WebsiteLinkedInAll Job Openings

software security • general security training • developer security training • IoT • hackathon

51 - 200

💰 $4M Series C on 2015-03

Description

• Work closely with other application security engineers to perform reviews and tests on Web and Conventional applications as well as embedded, firmware, mobile, and more. • Perform in-depth security assessment of crypto configurations. • Ensure the cryptographic implementations provide data integrity, confidentiality, and non-repudiation. • Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications. • Create threat models that result in more secure application design. • Design and develop security testing scenarios. • Perform cloud configuration audits and cloud design reviews. • Analyze and present results of testing to team members, managers, and customers. • Write detailed problem reports, test plan documents, and mitigation recommendations as needed. • Develop tools to aid penetration test automation and effectiveness. • Review code for common security vulnerabilities. • Possible travel to client sites to conduct in-person security reviews and assessments (travel is very limited, up to 2 to 3 times a year at most for up to 5 business days to client sites to conduct in-person security reviews and assessments. Company has clients throughout US so travel could be anywhere in US).

Requirements

• Education: Master’s degree in Information Security, Computer Science or related field • Experience in conducting penetration tests for high profile customers or products • Experience working in R&D teams on fast paced, and high impact projects • Experience in writing and reviewing technical reports on vulnerabilities findings • Experience in communicating with clients about discovered vulnerabilities and participated in kick-off meetings • Knowledge of common application security bugs, attack types, and mitigation strategies • Knowledge of reverse engineering techniques • Knowledge of creating cyber risk and threat modeling • Knowledge of applied and theoretical cryptography • Basic knowledge of Post-quantum Cryptography and NIST Post-quantum Cryptography Standardization • Solid understanding of networking fundamentals • Solid understanding of system-level design such as memory allocation, assembly language, process control, and concurrent programming • Knowledge of cloud infrastructure and performing cloud configuration reviews • Demonstrate an ability to code in one or more languages • Basic understanding of Mobile security testing tools • Knowledge of reverse engineering malwares including unpacking and bypassing obfuscation and conducting forensic analysis • Working knowledge of common security testing tools like Burp Suite, GNU Debugger, Ghidra, IDA, Ollydbg • Ability to conduct research on a technical topic and deliver presentations for a technical audience • Demonstrate strong interpersonal and communication skills.

Benefits

• Telecommuting permitted, can perform duties anywhere in US. • Multiple openings.