Micro Focus

Sr. Software Security Research Engineer - AppSec

Software Developer in Santa Clara, CA

Posted 2020-01-24

Micro Focus Fortify is seeking an experienced, energetic, self-driven enterprise Software Security Researcher who understands that security is more than firewalls and encryption. Software security is becoming a bigger concern as more and more organizations are experiencing embarrassing public incidents with large losses of data. We’re looking for people to:

Expand the security content and capabilities of Micro Focus Fortify Products
Improve Fortify’s ability to communicate with and educate customers about security issues
Publish and present Fortify’s research and other relevant security topics
Follow trends in software security and assess their significance
Investigate and implement techniques for exploiting security vulnerabilities
Discover new methods for automatic identification of vulnerabilities
Extract the essence of known vulnerabilities to shape products of the future
Identify new vulnerabilities in open source projects and customer code

The Software Security Research (SSR) team specializes in approaching security from the perspective of how we build and use software. SSR is responsible for conducting security research which leads to enhanced security products as well as contributions to the Micro Focus Security Research Blog, whitepapers, conference presentations, and annual Cyber Risk Report.

SSR in the past has identified new types of software vulnerabilities, defined the taxonomy used by all Fortify products and highlighted broad security problems in development practices. The team regularly speaks about these topics at major industry conferences, such as RSA, BlackHat, DefCon, and OWASP APPSEC.

In addition, the SSR team is responsible for quarterly releases of security content for Enterprise Security Fortify products (Static Code Analyzer, WebInspect, Fortify on Demand, Application Defender, and Software Security Center Server). These updates expand the types of issues detected and platforms and libraries supported. Content updates are driven by customer needs and the SSR team’s broader research agenda, allowing the Fortify products to keep up with a rapidly evolving development and security landscape.

Knowledge and Skills:
Bachelors/Masters/PhD in Computer Science/Engineering
3+ years' systems/software experience with strong focus in enterprise security
Proficient in multiple programming languages (e.g. Java, C#/ASP.NET, GoLang, C/C++, Objective-C, Scala, SWIFT)
Strong technical communication skills
Interest in software security and secure development
Exposure to common security software flaws
Extensive experience with multiple software systems design tools and languages
Excellent analytical and problem-solving skills
Experience in overall architecture of software systems for products and solutions
Designing and integrating software systems running on multiple platform types into overall architecture
Evaluating forms and processes for software systems testing and methodology, including writing and execution of test plans, debugging, and testing scripts and tools
Excellent written and verbal communication skills; mastery in English and local language. Ability to effectively communicate product architectures, design proposals and negotiate options at senior management levels.

Preferred Skills:
Proficient in scripting languages (e.g. Python, JavaScript)
Source code auditing experience (especially Fortify SCA)
Experience working in a large enterprise software development environment
