As a security engineer you should be able to absorb new technologies and determine how to test them for vulnerabilities quickly and to maximum effect. You should have the ability to drop into a network, compromise systems, traverse network segregation and chain vulnerabilities to gain Domain Admin or gain access to critical Linux, UNIX or other proprietary system. In general your infrastructure, protocol and networking ability should be strong and well-practiced. You should be able to carry out static code analysis using manual and automated techniques in a variety of languages. You should be able to disassemble binaries, trace program flow, extract clear text data and recognize where encryption techniques are in use.
Like to write your own tools? Then you’ll fit in well with us! Whether it’s a quick and dirty python harness or something more robust, we encourage our engineers to regularly write custom tools to carry out security testing.
Implement and manage security vendor technologies that provide detective and preventive capabilities including: Vulnerability scanners, endpoint security, intrusion detection, SSL VPN network forensics, content detonation, network and application firewalling, change detection, and Security Event Management.
Constantly question existing security practices and routines, and update, replace or automate them
Audit infrastructure, software, and configuration to prevent and correct vulnerabilities
Bachelor's degree in Computer Science / Engineering or equivalent experience
2-3 years experience in Information Security
Competency in Shell, Ruby, Perl or Python for automation is desired.
Solid understanding of web services architecture and commonly employed technologies
Excellent verbal and written communication skills.
Deep expertise in information security theory and practice, with specialization in at least one of:
Web application security (esp. Ruby/Rails)
Sandboxing untrusted code
Linux userland security
Linux kernel security