Black Duck Software is the leader in open source software security and compliance. With thousands of new vulnerabilities reported each year, our customers require timely data on vulnerabilities and actionable remediation strategies.
The Security Researcher will be a key contributing member of a highly motivated team of security researchers to identify and analyze disclosed vulnerabilities in open source projects, develop mitigation/remediation guidance for those vulnerabilities, work with engineering to identify current and future information needs, and analyze data for presentations through white papers, reports and industry presentations.
- Engage with engineering and other core business functions in order to continuously improve product capabilities and customer value.
- Document security tools and associated systems.
- Perform security research activities on both known and unknown vulnerabilities.
- Interact with Black Duck customers in order to fully understand contextual Threat and Vulnerability information required.
Skills & Experience:
- Awareness and understanding of various operating systems and common applications
- Ability to perform vulnerability/penetration assessments.
- Familiar with various testing tools
- Experience with detection & protection technologies(IDS/IPS/WAF)
- Understanding of KillChain model
- Proven ability to proactively plan and execute project work aligned to core business needs
- Solid understanding of existing threats & mitigation / remediation strategies
- Demonstrate strong problem solving abilities whilst being able to work independently
- Scripting experience (Various: Python /Perl/Java/Ruby etc)
- Fast paced and versatile.
- Understands the importance of strong process and structured documentation / reporting capabilities.
- Bachelors degree in Computer science
- A total of five years professional experience in the following roles
- software development (C/C++, Java, .NET)
- security research
- security tester, including static and dynamic analysis tools
- Demonstrated understanding of the Secure Development Lifecycle (security requirements, threat modeling, attack surface analysis)
- Excellent written and oral communications skills
About Black Duck
Organizations worldwide use Black Duck Software’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Belfast, Frankfurt, Hong Kong, Tokyo, Vancouver, Seoul and Beijing.
For more information, visit www.blackducksoftware.com
Interested applicant should apply via Black Duck Careers