This position is based in the US and you must be on the East Coast.
GitGuardian is a global pre-Series C cybersecurity startup.
Our early investors, who saw our market value proposition, include GitHub co-founder Scott Chacon and Docker co-founder / CTO Solomon Hykes 👀. American and European top-tier VC firms have also invested in GitGuardian.
GitGuardian teams have developed a source code security platform for the DevOps generation. Our solutions are already used by more than 400K developers worldwide!
Our typical customers are companies with hundreds of developers that are leveraging numerous services like SaaS applications, cloud infrastructures, or internal microservices and are mature on DevOps and cloud adoption.
Our products are used by different teams: Software Development and Ops, Application Security, and Threat Response. The buying decision comes from CISOs / CTOs / Directors of Security / Head of Appsec.
Innovating in our field and showing deep expertise in cybersecurity topics is key to our success: your work will matter and will be advertised externally.
We are seeking a highly skilled and motivated senior security researcher to join our global team, focusing on addressing security challenges related to code and application security.
As a cyber security researcher, you will identify and evaluate ideas for new products, conduct technical research, and run experiments. You will also participate in the larger security community through blog posts, research papers and participation in industry conferences.
Our ideal candidate will stay up to date with the latest code security trends and techniques, work closely with our development and product teams to design new security features, and work with our marketing team to develop technical long-form content. You will report directly to our CMO.
Here are some of the primary projects you will work on in your first year:
Researching and publishing on topics related to code security, providing technical expertise to other R&D teams, developing tools to support analysts in their day-to-day duties, and collecting technical artifacts about adversary activity.
Analyzing, researching, and delving deep into the vast amount of data gathered by GitGuardian, as well as existing and emerging technologies, tools, and products, to understand how they work and how they can be used to build new solutions to user problems.
Reproduce emerging vulnerabilities and provide actionable technical information.
Author blog posts, research papers and conference presentations on topics and research in your area of expertise.
Analyze our different datasets to extract insights that can be shared with the community.
Some of your research fields would include:
Secrets Leakage Analysis: Analyze historical code repositories to identify instances where secrets have been inadvertently leaked or exposed. This could involve conducting forensic analysis of code commits and finding patterns, big leaks and potential attack surfaces.
Vulnerability Research: Identify and analyze vulnerabilities in software code, libraries, and frameworks. This includes both known vulnerabilities (CVEs) and zero-day vulnerabilities.
Threat Intelligence: Research emerging threats, attack vectors, and adversary tactics to stay ahead of potential security risks. This includes monitoring underground forums, analyzing threat actor behavior, and tracking new malware campaigns.
Supply Chain Security: Investigate supply chain attacks and vulnerabilities within third-party components, dependencies, or libraries used in software development.
If you think you match at least 70% of these criteria, please apply!
Expected experience of 5+ years working in a security engineer role (Application Security, Security Operations, Security Development), with 2+ years of those dedicated to research-related work, or equivalent educational experience.
Have a keen eye for identifying complex security problems in software and/or infrastructure, and defining their solutions.
Enjoy hacking things and rapidly prototyping ideas.
Be proficient in a scripting language (Python or Go).
Be data driven and have strong data analytics skills.
Be a team player and like collaborating on cross-functional teams.
Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
And also...
1. Video call with a Talent Acquisition team member
To discover your professional projects and evaluate if there could be a mutual match.
2. Team interview: Meet the team and/or your future manager
To learn more about you and your achievements, and to present the team to you.
3. Business case
To work on at home and then present to the team.
Objective: to evaluate your skills for the position and help you project yourself into the role.
4. Final interview with the CEO
Eric will detail our company’s vision and ambitions for the next couple of years.
GitGuardian is an equal opportunity employer committed to encouraging and celebrating its diverse and inclusive workforce. We’re building an employee experience that includes appreciation, belonging, growth, and purpose for everyone.
We welcome all without regard to age, race, color, religion, gender identity and expression, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, citizenship, national origin, disability, military status, veteran status, political affiliation, or any other protected characteristics. All aspects of employment will be solely based on merit and qualifications related to professional competence. GitGuardian operates on a principle of mutual respect and acceptance, and every employee must follow GitGuardian's anti-harassment and anti-discrimination company policies.