Security Researcher
London
Applications have closed
R3
R3 is leading the digitization of financial services, enabling an open, trusted and enduring digital economy. Learn more about R3's Corda.
We are looking for a Senior Security Researcher to join an amazing group of technologists to contribute to Corda, Corda Enterprise and other products in the Corda ecosystem. The role will revolve around securing the Corda platform, by undertaking vulnerability assessments, conducting security research and contributing to all stages of the secure development life-cycle. This will require collaborating with the engineering team to understand the development process, and supporting development using threat modelling, architecture and design.
You will have a history of conducting application vulnerability assessments and will be able to clearly communicate your findings through report writing and close collaboration with the engineering team. Ideally, you will have practical experience of secure development life-cycle and software engineering principles. You can work independently to research a problem domain to gain insight and subsequently deliver the work and solve the problem. You will be comfortable getting into the guts of a complex distributed system and be able to conceptualise its operation at many levels. Most importantly you are excited and motivated by the challenge of solving hard problems in a way that delivers to clients and delights them.
The Senior Security Research Engineer will have “practitioner” level skills in software development security, security architecture and engineering, and security assessment and testing. They will also have competence in one or more of communication and network security, identity and access management (IAM), and security operations.
Skills:
- Good understanding of standard security vulnerabilities and their standard fixes and mitigations
- Ability to identify security issues at different stages of the SDLC - from architecture & design through to implementation
- Experience performing dynamic analysis of software using debugging tools
- Expertise in Java, Kotlin, or a similar high-level language
- PKI and Cryptography
- In-depth knowledge of Java and JVM internals is beneficial
- Reverse engineering experience
- Experience solving Capture-the-Flag challenges is a bonus!
- Develop tools to support vulnerability analysis
- Excellent written and verbal communication skills, including the ability to convey highly technical information to non-technical audiences.
- Build relationships with engineering teams to improve product security
- Using revision control systems
Responsibilities:
- Perform vulnerability assessments of the Corda platform with limited guidance from the Head of Security Research.
- Conduct security research to identify novel threats and mitigations that may impact the Corda platform.
- You will support the Engineering team by:
- Educating and mentoring the team on relevant attacks, defence, mitigations and tooling
- Contribute to secure software development design guidance that addresses both the security and business needs
- Review source code to support the delivery of software
- Undertake threat modelling sessions and use advanced judgement to contribute to software designs.
- Support research and evaluate the state of the art within the distributed ledger space.
Requirements:
- First and foremost we want you to love what you do. You will be a security evangelist beginning to have recognition as a subject matter expert within R3 and the external community of Corda participants, both current and future.
- You'll have at least three years of experience in a security role, specifically in application security assessment. We'd love to see evidence of other experience too; you might have been a developer or network operations engineer in a previous life.
- We believe that we work better as a team, and hope you share that belief. You have experience leading small teams and providing mentoring and guidance to junior engineers so they can meet their career aspirations and make meaningful contributions. You'll be working with a diverse group of people with a variety of skills and backgrounds where your high level of emotional intelligence and influencing techniques can generate enthusiasm for your suggestions and recommendations for improvements.
- You'll need excellent communication skills, both verbal and written. You'll be happy presenting to the company at all-hands meetings or explaining the impact of vulnerabilities you identify to a range of stakeholders. Regular collaboration with management and peers means you contribute to tactical planning and solving complex challenges.
Tags: Application security Cryptography IAM Java Kotlin Network security PKI Product security Reverse engineering SDLC Security assessment Vulnerabilities
Perks/benefits: Career development
Region: Europe
Country: United Kingdom
Category: Research Jobs