Sr. Software Security Researcher – AppSec, Dynamic

  • Full Time
  • Remote

Website Micro Focus, LLC

Job Description:

LOCATION IS…Planet EARTH, or somewhere else with a solid net connection.

Micro Focus Fortify is seeking an experienced, energetic, self-driven enterprise Software Security Researcher with a background in Computer Science/Engineering who understands that security is more than firewalls and encryption. Software security is becoming a bigger concern as more and more organizations are experiencing embarrassing public incidents with large losses of data. We’re looking for people to:

  • Expand the security content and capabilities of Micro Focus Fortify Products
  • Improve Fortify’s ability to communicate with and educate customers about security issues
  • Follow trends in software security and assess their significance
  • Investigate and implement techniques for exploiting security vulnerabilities
  • Discover new methods for automatic identification of vulnerabilities
  • Extract the essence of known vulnerabilities to shape products of the future
  • Identify new vulnerabilities in open source projects and customer code

The Software Security Research (SSR) team specializes in approaching security from the perspective of how we build and use the software. SSR is responsible for conducting security research which leads to enhanced security products as well as contributions to the Micro Focus Security Research Blog, whitepapers, conference presentations, and annual Cyber Risk Report.

SSR in the past has identified new types of software vulnerabilities, defined the taxonomy used by all Fortify products, and highlighted broad security problems in development practices. The team regularly speaks about these topics at major industry conferences, such as RSA, BlackHat, DefCon, and OWASP APPSEC.

In addition, the SSR team is responsible for quarterly releases of security content for Enterprise Security Fortify products (Static Code Analyzer, WebInspect, Fortify on Demand, Application Defender, and Software Security Center Server). These updates expand the types of issues detected and platforms and libraries supported. Content updates are driven by customer needs and the SSR team’s broader research agenda, allowing the Fortify products to keep up with a rapidly evolving development and security landscape.

Knowledge and Skills:

  • Bachelor's/Master's/PhD in Computer Science/Engineering, Information Systems, or related field
  • Strong communication and analytic skills
  • Must have a working knowledge of web application development technologies, e.g. HTTP(S), HTML5, Java, ASP.NET, PHP, Apache Web Server, IIS, etc.
  • Familiarity with the .NET framework with proficiency in C#
  • Working knowledge of tools such as Web Proxy, Wireshark, etc.
  • Working knowledge of common security software flaws
  • Working knowledge of TCP/IP, SSL protocols, and cipher suites
  • Familiarity with Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE)
  • Knowledge of industry standards, e.g. NIST 800-53 and DISA-STIG, is a plus

Preferred Skills:

  • Previous experience with pentesting (especially using Fortify products)
  • Previous experience working in a large enterprise software development environment

About Micro Focus

Micro Focus is one of the world’s largest enterprise software providers. We deliver mission-critical technology and supporting services that help thousands of customers worldwide manage core IT elements of their business so they can run and transform—at the same time.

 

To apply for this job please visit jobs.microfocus.com.