Vacancy caducado!
Sr. Software Security Research Engineer - AppSec, DynamicJob Description:At Micro Focus, everything we do is based on a simple idea: The fastest way to get results is to build on what you have. Our software solutions enable organizations to do just that. Secure and scalable, with analytics built in, they bridge the gap between existing and emerging IT-fast-tracking digital transformations across DevOps, Hybrid IT, Security, and Predictive Analytics. In the race to innovate, Micro Focus customers have the clear advantage. Our portfolio spans the following areas: DevOps|IT Operations| Cloud| Security |Info Governance | Big Data, Machine Learning, & AnalyticsMicro Focus Fortify is seeking an experienced, energetic, self-driven enterprise Software Security Researcher with a background in Computer Science/Engineering who understands that security is more than firewalls and encryption. Software security is becoming a bigger concern as more and more organizations are experiencing embarrassing public incidents with large losses of data. We're looking for people to:
- Expand the security content and capabilities of Micro Focus Fortify Products
- Improve Fortify's ability to communicate with and educate customers about security issues
- Follow trends in software security and assess their significance
- Investigate and implement techniques for exploiting security vulnerabilities
- Discover new methods for automatic identification of vulnerabilities
- Extract the essence of known vulnerabilities to shape products of the future
- Identify new vulnerabilities in open source projects and customer code
- Bachelors/Masters/PhD in Computer Science/Engineering, Information Systems, or related field
- Strong communication and analytic skills
- Must have working knowledge of web application development technologies e.g. HTTP(S), HTML5, Java, ASP.NET, PHP, Apache Web Server, IIS etc.
- Familiarity with the .NET framework with proficiency in C#
- Working knowledge of tools such as Web Proxy, Wireshark etc.
- Working knowledge of common security software flaws
- Working knowledge of TCP/IP, SSL protocols, and cipher suites
- Familiarity with Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE)
- Knowledge of industry standards e.g. NIST 800-53 and DISA-STIG is a plus
- Previous experience with pentesting (especially using Fortify products)
- Previous experience working in a large enterprise software development environment