Principal Security Response Analyst (Programming and Debugging) (Open) - Waterloo, Ontario
BlackBerry is passionate about Security, are you?
Do you want to work in a team where Security is the number one priority and not just an afterthought or cost to the company? Come and join an amazing team of super passionate security folks in a challenging and fun environment where security truly is a top priority. This highly visible team impacts top-level decision making and is constantly being recognized for its outstanding capabilities and accomplishments, especially to our most notable customers.
If you are ready to bring your tool box, make an immediate impact and most importantly love what you do, then this is the place for you!
The security of BlackBerry products has always been among their strongest selling point, and BlackBerry strives to provide the most secure, trusted solutions possible. To continue our tradition of excellence, we are looking for individuals in the security space who are technically skilled, knowledgeable, passionate, and experienced to join BlackBerry. This is an opportunity to work for an industry leader in product security, and arguably one of the most interesting areas in computer science.
The BlackBerry Security Incident Response Team (BBSIRT) is a center of excellence working to ensure the ongoing security of our products and services for customers and partners worldwide.
We are currently looking for security minded individuals to support our comprehensive efforts to respond to emergent cyber-threats or incidents involving BlackBerry products and the products of our consulting partners and subsidiaries. The successful candidate will work in a fast paced, highly dynamic and challenging environment and will work with various teams across the organization to support vulnerability mitigation efforts, from identification of potential issues to analysis, mitigation and related communications. The technical and threat landscape change constantly and this position would suit someone willing to learn continually while working on cutting edge technologies and handling multiple priorities.
The ideal candidate will already be able to build and manage relationships in a large, complex ecosystem but must be willing to grow this experience. The role centers on solving problems at the intersection of technology and people.
- Identify, track and report on emergent threats to the security of BlackBerry products, associated companies and customers.
- Work with research and engineering teams to provide in-depth technical analysis of security issues and work across the organization to support and ensure holistic remediation efforts. These are often time critical.
- Triage code defect based issues and quantitatively evaluate risk using industry standard metrics such as CVSS.
- Prioritize and coordinate case-specific response activities, driving timely and appropriate remediation of issues. Reporting the problem is not enough; solutions should be offered.
- Track and report on remediation efforts
- Cultivate strong working relationships with external researchers, reporting organizations and customers to ensure effective collaboration. Work with customer facing and internal teams to continually improve processes used to identify and fix product security issues
- Continually deepen knowledge and skills in support of maintaining the security of BlackBerry customers.
- Create effective communications for internal and external customers, working with others to ensure professional and accurate information delivered.
ESSENTIAL SKILLS AND QUALIFICATIONS
- Strong system level Java/C++ programming and debugging experience
- Ability to analyze code behavior down to assembly level language
- Able to track and manage numerous parallel activities
- Holds a Bachelors degree, Masters degree or equivalent in a computer science/engineering or related field
- Understands common classes of product security vulnerabilities and attack/defense methodologies deeply
- Knowledge of the architecture of at least one common OS such as Android, Linux, Windows.
- Knowledge of application security configuration and best practices
- Firm grasp of secure software development lifecycle
- Experience with issue management as well as designing/defining proactive mitigation strategies
- Strong written and verbal communication skills with both technical and non-technical audiences
- Demonstrates advanced analytical skills
- Cool under pressure, objective and diplomatic
- Able to work collaboratively with minimal supervision as part of a multi-disciplinary team
- Some knowledge of wireless communications security (802.11, Bluetooth, cellular data etc)
- Personable – some customer contact will be needed
- CISSP or similar desirable but training can be provided
- Assembler and/or reverse engineering experience
- Ability to create proof of concept exploits for common types of vulnerability
If you're driven to take mobile and embedded technologies to the next level, it's time you join the team at BlackBerry. We offer a challenging environment that fosters creativity and rewards excellence. Employees also have use of our award winning BlackBerry technology.
Job Family Group Name: Product Development
Scheduled Weekly Hours: 40
We are BlackBerry, a global mobile communications leader who revolutionized the industry with its introduction in 1999. Today, BlackBerry’s products and services, from messaging to enterprise mobility, are relied on by millions of individuals every day to securely and efficiently connect them to the content and people that matter most. At BlackBerry our instinct for innovation is relentless, so as we continue to push the boundaries of mobile experiences, we continue to drive the talent, passion and creativity of our employees.
©2017 BlackBerry. All right reserved. BlackBerry® and related trademarks, names, and logos are the property of BlackBerry Limited and are registered and/or used in the U.S. and countries around the world.
It is the policy of BlackBerry to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, creed, religion, national origin, alienage or citizenship, status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law.
EEO Minorities/Females/Protected Veteran/Disabled
Software, CyberSecurity Services, Enterprise Mobility Management, Enterprise File Sync and Share (EFSS), and Internet of Things (IoT)
Company Type: Public Company
Company Size: 5,001-10,000