Login
Register
facebook
07989475537
Menu
About Us
Industry Sectors
The Team
Jobs
Events
Privacy Statement
Login
Register
Job Search
Any Type
Permanent
Contract
Any Discipline
Business Continuity
Business Risk/Compliance
IT Audit
IT/Information/Cyber Security
Information/Business Risk
Developers/DevSecOps
Sales
Any Location
Berkshire
Bristol
Buckinghamshire
Cambridgeshire
Cheshire
Cornwall
Cumbria
Derbyshire
Devon
Dorset
Durham
East Sussex
East Yorkshire
Essex
Gloucestershire
Hampshire
Hertfordshire
Kent
Lancashire
Leicestershire
London
Lincolnshire
Manchester
Middlesex
Newcastle upon Tyne
Norfolk
Northamptonshire
Nottinghamshire
Oxfordshire
Shropshire
Somerset
Staffordshire
Suffolk
Surrey
West Sussex
Warwickshire
Bedfordshire
West Midlands
West Yorkshire
Wiltshire
Worcestershire
Scotland
Wales
Denmark
Qatar
New Item
Anywhere in the UK
Home
M25
Sorry, this advert is now closed. Click
here
to view our live vacancies.
Senior Security Research Engineer
-
City of London
IT/Information/Cyber Security
Ref:
115
Date Posted:
Saturday 24 Sep 2022
Title: Senior Security Research Engineer
Reference No: 2125
Company: Financial Services
Location: City of London – Hybrid working
Reports to Head of Security Research
Salary: £80,000 - £110,000
Benefits: Generous
No. Required: 2
Start Date: ASAP
The Role
We are looking for a Senior Security Researcher to join an amazing group of technologists to contribute to Corda, Corda Enterprise and other products in the Corda ecosystem.
The role will revolve around securing the Corda platform, by undertaking vulnerability assessments, conducting security research and contributing to all stages of the secure development life-cycle.
This will require collaborating with the engineering team to understand the development process, and supporting development using threat modelling, architecture and design.
You will have a history of conducting application vulnerability assessments and will be able to clearly communicate your findings through report writing and close collaboration with the engineering team. Ideally you will have some knowledge of the secure development life-cycle and software engineering principles. You can work independently to research a problem domain to gain insight and subsequently deliver the work and solve the problem. You will be comfortable getting into the guts of a complex distributed system and be able to conceptualise its operation at many levels. Most importantly you are excited and motivated by the challenge of solving hard problems in a way that delivers to clients and delights them.
Responsibilities
Perform vulnerability assessments of the Corda platform under limited guidance of the Head of Security Research.
Conduct security research to identify novel threats and mitigations that may impact the Corda platform.
You will support the Engineering team by:
Educating and mentoring the team on relevant attacks, defence, mitigations and tooling
Contribute to secure software development design guidance that addresses both the security and business needs
Review source code to support the delivery of software
Undertake threat modelling sessions and use advanced judgement to contribute to software designs.
Support research and evaluate the state of the art within the distributed ledger space.
Requirements
First and foremost we want you to love what you do. You will be a security evangelist beginning to have recognition as a subject matter expert within R3 and the external community of Corda participants, both current and future.
You'll have five or more years experience in a direct information security role, with at least three of those specialising in application security assessment using your advanced knowledge of the security landscape to create incremental value to the Corda platform. We'd love to see evidence of other experience too, you might have been a developer or network operations engineer in a previous life.
We believe that we work better as a team, and hope you share that belief. You have experience leading small teams and providing mentoring and guidance to junior engineers so they can meet their career aspirations and make meaningful contributions. You'll be working in a diverse group of people with a variety of skills and backgrounds where your high level of emotional intelligence and influencing techniques can generate enthusiasm for your suggestions and recommendations for improvements.
You'll need excellent communication skills, both verbal and written. You'll be happy presenting to the company at all-hands meetings or explaining the impact of vulnerabilities you identify to a range of stakeholders. Regular collaboration with management and peers mean you contribute to tactical planning and solving complex challenges.
Desired Skills
The Senior Security Research Engineer will have “practitioner” level skills in software development security, security architecture and engineering and security assessment and testing. They will also have competence in one or more of: communication and network security, identity and access management (IAM) and security operations. See Security Team Specialisations and Competencies for further details.
The Senior Security Research Engineer will be expected to demonstrate:
Good understanding of standard security vulnerabilities and their standard fixes and mitigations
Ability to identify security issues at different stages of the SDLC - from architecture & design through to implementation
Experience performing dynamic analysis of software using debugging tools
Expertise in Java, Kotlin, or a similar high-level language
PKI and Cryptography
In-depth knowledge of Java and JVM internals is beneficial
Reverse engineering experience
Experience solving Capture-the-Flag challenges is a bonus!
Develop tools to support vulnerability analysis
Excellent written and verbal communication skills, including the ability to convey highly technical information to non-technical audiences.
Build relationships with engineering teams to improve product security
Using revision control system