Senior Security Researcher

Black Duck Software is the leader in open source software security and compliance. With thousands of new vulnerabilities reported each year, our customers require timely data on vulnerabilities and actionable remediation strategies.

The Senior Security Researcher will build and lead a team of security researchers to identify and analyze disclosed vulnerabilities in open source projects, develop mitigation/remediation guidance for those vulnerabilities, work with engineering to identify current and future information needs, and analyze data for presentation through white papers, reports and industry presentations. This individual will report to the Director of Security Research and will work out of our Belfast, Northern Ireland office.

Primary Responsibilities:

  • Engage with engineering and other core business functions in order to continuously improve product capabilities and customer value.
  • Document security tools and associated systems.
  • Perform security research activities on both known and unknown vulnerabilities.
  • Interact with Black Duck customers in order to fully understand the contextual threat and vulnerability information they require.

Skills & Experience:

  • Advanced knowledge of various operating systems and common applications
  • Ability to perform vulnerability/penetration assessments.
  • Familiar with various testing tools
  • Experience with detection & protection technologies (IDS/IPS/WAF)
  • Understanding of the Kill Chain model
  • Proven ability to develop and mentor team members whilst providing leadership
  • Solid understanding of existing threats & mitigation / remediation strategies
  • Demonstrate strong problem solving abilities whilst being able to work independently
  • Scripting experience (various: Python/Perl/Java/Ruby, etc.)
  • Fast paced and versatile
  • Understands the importance of strong process and structured documentation / reporting capabilities

Job Requirements:

  • Master’s degree in Computer Science
  • A total of five to ten years’ professional experience in the following roles:
    • DevOps
    • software development (C/C++, Java, .NET)
    • security research
    • security testing, including static and dynamic analysis tools
  • Demonstrated understanding of the Secure Development Lifecycle (security requirements, threat modeling, attack surface analysis)
  • Excellent written and oral communication skills

About Black Duck

Organizations worldwide use Black Duck Software’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Belfast, Frankfurt, Hong Kong, Tokyo, Vancouver, Seoul and Beijing. 

For more information, visit 

Interested applicants may apply via Black Duck Careers