Fortinet is developing cloud-enabled services that perform penetration testing and continuous application security testing through an intensive process of comprehensive, criteria-based automated static and dynamic scanning and analysis.
The Security Researcher will be part of this exciting development and will be working with a strong technical team of worldwide security experts.
The successful candidate should meet our job requirements. This individual is someone who is passionate about web and code security.
- Perform research on static and dynamic analysis scanners and on how to configure and optimize their setup to provide the best coverage.
- Understand analysis scanner output and translate it into comprehensive messages to be displayed to the end user.
- Process analysis scanner data automatically to minimize user interaction.
- Design, implement, and maintain automated translation scripts.
- Participate in code reviews to ensure software code quality, testability, maintainability and function usability.
- Perform research to understand different types of software vulnerabilities in different popular web programming frameworks and translate them into detection patterns.
- Develop exploit signatures in a proprietary description language.
- At least 2-6 years of relevant working experience.
- Knowledge of network protocols, network technologies and Linux systems administration.
- Experience with SAST/DAST scanners is preferred.
- Outstanding verbal, written communication and presentation skills.
- Proven analytical and problem-solving skills.
- Must be self-motivated, innovative, hands-on and a good team player.
- Strong will to learn new things and passion to explore new ideas.
- Bachelor or Master of Computer Science or Electrical/Computer Engineering
- The team requires someone with the right technical security skills and knowledge who is able to understand common types of software vulnerabilities and then translate these vulnerability descriptions into understandable verbiage and detection patterns used by FortiDevSec.
- The candidate should also be able, if required, to integrate these detection patterns into an exploit signature that can be consumed by other Fortinet products and services like FortiPentest.