Security Researcher

Adobe Systems Incorporated San Jose , CA 95111

Posted 3 months ago

Security Researcher

The Adobe Document Cloud Core Security Engineering Team is looking for someone with extraordinary security skills who is an expert in how to find, fix, and prevent vulnerabilities in our software. The Adobe Document Cloud Core Security Engineering Team is a dynamic, high-profile team involved in the development of Adobe Document Cloud products and services, and is a great opportunity to make a difference at a software company.

Responsibilities:

  • Lead implementation of threat models, secure software test plans, policy, and procedures for product engineering and QE

  • Conduct code reviews of products built in Java, JavaScript as well as scripting languages (shell, python, perl)

  • Design security-related functionality and verify proper implementation of new features

  • Find and fix security and privacy flaws in Adobe Document Cloud products and services

  • Hands on security and pen-testing experience including manual testing

  • Develop tools to automate security testing and enable more efficient discovery and resolution of security problems

  • Guide teams on adoption and execution of a Secure Product Life Cycle

  • Educate product teams on security best practices by providing real-world examples and hands on training

  • Help define and evolve online security operations/procedures for large managed Software-as-a-Service environments

  • Maintain awareness of up-to-date threat and vulnerability profiles

  • Respond to web security incidents

  • Coordinate with peers from other Adobe business units

  • Communicate security information to users and customers through blogs, white papers, and/or conference presentations

Requirements:

  • Bachelor degree in computer science, engineering or a related discipline,

  • A minimum of 3 to 5 years of experience working with web security, or an equivalent combination of education and work experience;

  • Deep knowledge of web application attack and mitigation techniques (XSS, CSRF, SQL Injection, and Session Management)

  • Deep knowledge of AWS and Azure environments, security best practices, attack and mitigation techniques

  • Knowledge of web security protocols

  • Knowledge of mobile applications attack and mitigation techniques

  • Experience in web development using Java, JavaScript as well as scripting languages (shell, python, perl) - this is a hands-on position which will involve manual testing as well as building security test tools for delivery to and use by other teams.

  • Familiarity with browser, web service, and operating system security concepts;

  • Good analytical ability;

  • Strong written and oral skills in English

  • Occasionally interface with senior management

  • The ideal candidate must be able to convey complex security issues and risks while maintaining a positive relationship with product teams

  • Minimal travel required

At Adobe, you will be immersed in an exceptional work environment that is recognized throughout the world on Best Companies lists. You will also be surrounded by colleagues who are committed to helping each other grow through our unique Check-In approach where ongoing feedback flows freely.

If you're looking to make an impact, Adobe's the place for you. Discover what our employees are saying about their career experiences on the Adobe Life blog and explore the meaningful benefits we offer.

Adobe is an equal opportunity employer. We welcome and encourage diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability or veteran status.


upload resume icon
See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Security Researcher

A10 Networks

Posted 3 months ago

VIEW JOBS 11/18/2018 12:00:00 AM 2019-02-16T00:00 Standing at the critical junction between your network and your applications, A10 is a leader in secure application services. Our solutions protect and optimize application performance in a world of many clouds. As part of our ongoing commitment to product security, A10 is hiring the best in class talent to assist with the continuing development of powerful and secure products and services. This position is for a Product Security Specialist with industry experience to grow and maintain our PSIRT (Product Security Incident Response Team) and product certification programs. You will help drive the security incident research and remediation process coordinating across Technical Support, Product Development, Marketing, Communications, Legal, and other appropriate business units. The Product Security Incident Response Specialist is responsible for working product security incidents and issues from identification through resolution. Responsibilities: * Lead security incidents according to the Product Security Incident Response procedures * Drive the establishment of internal standards for product security testing and compliance * Drive requirement determination and capability resolution for product certifications such as FIPS and Common Criteria working with cross functional development teams * Following through and coordinating items to manage the company's end to end response for reported incidents and certification requirements; coordinating heavily and actively with the development technical teams * Perform collection, analysis, and research of system, network and application vulnerabilities and threats * Work with development teams to provide in-depth technical analysis of security issues and plan remediation availability in future software or firmware releases and updates * Triage security issues and quantitatively evaluate risk using industry standard metrics such as Common Vulnerability Scoring System (CVSS) * Draft responses to field inquiries regarding potential product security vulnerabilities * Draft publications for the disclosure of product security vulnerabilities * Compile and analyze product security data for management reporting and metrics * Foster a culture of security consciousness across the R&D organization * Foster continuous improvement efforts related to security activities Qualifications * Requires BS/BA degree or equivalent industry experience and 10+ years in the Software Development or Security related fields * Strong knowledge of networking technologies, protocols and information delivery such as: TCP/IP, SSL/TLS, SSH, IPSec and HTTP * Experience with programming and scripting languages such as: Python, Bash and C * Experience using Linux operating systems * Experience with upstream maintenance update processes and procedures for 3rd-party operating system and software component technology vendors * Effective written and verbal communication regardless of audience or issue complexity * Ability to express requirements in technical and non-technical terms to customers, peers, and management * Ability to work collaboratively and remotely with others to accomplish complex goals * Ability to work with Engineering in planning and problem-solving exercises of technical nature Preferred Qualifications * Shown experience dealing with raised, customer-facing issues (security preferred) effectively and efficiently * Knowledge of industry practices for responsible disclosure of security threats and product vulnerabilities * Experience with vulnerability analysis and penetration testing of both hardware and software targets * Knowledge of FIPS 140-2, Common Criteria, and other related security certification standards * Knowledge of common security related protocols and their design (i.e. ssh, IPsec, TLS, etc.). * Knowledge of cryptographic encryption algorithms, key exchange algorithms, hashing algorithms, PKI, etc. A10 Networks is an equal opportunity employer and a VEVRAA federal subcontractor. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. A10 also complies with all applicable state and local laws governing nondiscrimination in employment. A10 Networks San Jose CA

Security Researcher

Adobe Systems Incorporated