Security Engineer - Cryptography Specialist

Please submit resumes via e-mail only: [email protected] Must reference “Code 98101” in e-mail subject line.

****Telecommuting permitted, can perform duties anywhere in US.****Multiple openings.

Duties:

• Work closely with other application security engineers to perform reviews and tests on Web and Conventional applications as well as embedded, firmware, mobile, and more.
• Perform in-depth security assessment of crypto configurations.
• Ensure the cryptographic implementations provide data integrity, confidentiality, and non-repudiation.
• Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications.
• Create threat models that result in more secure application design.
• Design and develop security testing scenarios.
• Perform cloud configuration audits and cloud design reviews.
• Analyze and present results of testing to team members, managers, and customers.
• Write detailed problem reports, test plan documents, and mitigation recommendations as needed.
• Develop tools to aid penetration test automation and effectiveness.
• Review code for common security vulnerabilities.
• Possible travel to client sites to conduct in-person security reviews and assessments (travel is very limited, up to 2 to 3 times a year at most for up to 5 business days to client sites to conduct in-person security reviews and assessments. Company has clients throughout US so travel could be anywhere in US).

Other Special Skills or Requirements:

• Education: Master’s degree in Information Security, Computer Science or related field
• Experience in conducting penetration tests for high profile customers or products
• Experience working in R&D teams on fast paced, and high impact projects
• Experience in writing and reviewing technical reports on vulnerabilities findings
• Experience in communicating with clients about discovered vulnerabilities and participated in kick-off meetings
• Knowledge of common application security bugs, attack types, and mitigation strategies
• Knowledge of reverse engineering techniques
• Knowledge of creating cyber risk and threat modeling
• Knowledge of applied and theoretical cryptography
• Basic knowledge of Post-quantum Cryptography and NIST Post-quantum Cryptography Standardization
• Solid understanding of networking fundamentals
• Solid understanding of system-level design such as memory allocation, assembly language, process control, and concurrent programming
• Knowledge of cloud infrastructure and performing cloud configuration reviews
• Demonstrate an ability to code in one or more languages
• Basic understanding of Mobile security testing tools
• Knowledge of reverse engineering malwares including unpacking and bypassing obfuscation and conducting forensic analysis
• Working knowledge of common security testing tools like Burp Suite, GNU Debugger, Ghidra, IDA, Ollydbg
• Ability to conduct research on a technical topic and deliver presentations for a technical audience
• Demonstrate strong interpersonal and communication skills.

 Security Innovation is proud to offer the following:

 • Competitive salary and equitable salary structure

 • Flexible work from home and remote options

 • Unlimited paid time off, mental health days, and 12+ company holidays

 • Comprehensive Health, Dental, and Vision insurance options

 • Flex Spending and HSA options

 • 401k with immediate vesting and up to 6% match

 • Generous professional development budget

 • Professional certification, training, and conference opportunities

 • Ample engineer hardware budget

 • Culture focused on health & wellness, diversity, equity, and inclusion

Security Innovation, Inc., 187 Ballardvale St, Ste A195, Wilmington, MA 01887.