Senior Security Researcher

Burlington, MA

Veracode

Veracode's mission is to ensure that software is secure from the start. With our platform you can continuously find and fix security flaws throughout the software development lifecycle. Veracode brings security and development teams together.


Looking for an innovative, high-growth company in one of the hottest segments of the security market?  Look no further than Veracode!  

Veracode is recognized as a premier provider of SaaS-based application security solutions, transforming the way companies secure applications in today’s software-driven world. We provide our customers with a solid foundation on which to build security into their modern agile development processes. Learn more about us at www.veracode.com!

The Senior Security Researcher will understand a wide variety of security vulnerabilities, across various environments and languages, and be able to integrate findings into a report as part of the Applied Research team. The researcher will act across various domains, capable of understanding and scoring CVE/CVSS across a wide range of languages and environments, including native applications, web applications, containers, and services within the cloud.

Key aspects of the Role: 

  • Integrate security findings from various areas into reports for a CISO or other interested parties. 
  • Configure and deploy automated application and cloud security testing solutions including SAST, DAST, SCA, IaC, and container scanning. 
  • Triage and correlate CWEs, CVEs, and other common security defects, score them, and relay essential information to stakeholders. 
  • Provide input and guidance into development of functional requirements for the Application Security Posture Management (ASPM) product. 
  • Perform security assessment and research of containers, infrastructure as code, low- and no-code environments. 
  • Provide independent research for product features. 
  • Conduct independent research for the larger security community. 

What you’ll need: 

  • Expert understanding of fundamental security concepts with a focus on application security in particular. 
  • Able to investigate, understand, and contextualize a wide array of vulnerabilities and be able to explain them at a technical depth appropriate to the audience.
  • The skills to reverse engineer or otherwise assess a CVE, reproduce the vulnerability, and pinpoint the affected source code. 
  • Familiarity with modern SDLC practices, cloud-based architecture, and deployment patterns including technologies such as git, CI/CD pipelines (GitHub, GitLab), Docker, Kubernetes, AWS, Azure, etc. 
  • Strong writing skills and the ability to discern what’s important as well as the ability to present those findings. 
  • Prototyping tools for analysis and software hacking problems.   

What we offer you:   

  • Outstanding Medical, Dental, and Vision Coverage to meet all your healthcare needs.    
  • Wellness benefits to help you focus on what’s most important.   
  • “Take What You Need” time off policy.    
  • Extensive development and training offerings to help you grow your career at Veracode.   
  • Generous 401k match to help save for your future.   
  • Amazing community of professionals who take pride in what we do every day.

Compensation Transparency

In accordance with U.S. pay transparency laws, Veracode provides compensation transparency for roles based in the United States. Click here to view our compensation ranges by grade. Please note, specific compensation may be influenced by various factors including candidate's experience, education, and work location.

Job Grade: Senior

Employment opportunities are available to all applicants without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

 

 

Fraudulent Recruitment Alert - Be Aware and Stay Informed

At Veracode, we prioritize a secure recruitment process. Unfortunately, fake recruitment and job offer scams are on the rise. They aim to deceive candidates through emails and calls to obtain sensitive information.

Here’s our recruitment promise to you:

  • Comprehensive Interview Process: We never extend job offers without a comprehensive interview process involving our recruitment team and hiring managers.
  • Offer Communications: Our job offers are not sent solely through email, and we will never ask you to pay for your own hardware.
  • Email Verification: Recruiting emails from Veracode will always originate from an “@veracode.com” email address.

If you have any doubts about the authenticity of an email, letter, or telephone communication claiming to be from Veracode, please reach out to us at careers@veracode.com before taking any further action.


Tags: Agile Application security AWS Azure CI/CD CISO Cloud CVSS DAST Docker GitHub GitLab Kubernetes Prototyping SaaS SAST SDLC Security assessment Veracode Vulnerabilities

Perks/benefits: 401(k) matching Career development Flex vacation Health care Startup environment

Region: North America
Country: United States
Category: Research Jobs
