Security Research Lead CA0004

Full Time
Campbell, California
The Security Research Lead will design, plan, implement and maintain automated testing algorithms for finding security vulnerabilities in web applications. S/he will seek new initiatives and improvements in order to reach the highest level of functionality, performance and efficiency. S/he will foster collaboration within SpiderLabs on research projects. S/he will build, support and enhance programming for the DAST. S/he will research the web to create new testing plans for the engine. S/he will research new vectors and will incorporate them into DAST. S/he will maintain visibility as a researcher on external researcher lists, blogs, whitepapers or conference talks. S/he will research current and new web applications to minimize attacks and threats. S/he will demonstrate impact on teams outside of SpiderLabs during feature design with engineering. S/he will collaborate on development initiatives and meet the delivery timelines of those initiatives. S/he will track work plans and collaborate on projects with partnering teams. S/he will work within a team focusing on tracking new web application vulnerabilities, identifying how those vulnerabilities are exploited, and writing code that detects the presence of or exploits those vulnerabilities. S/he will coordinate activities of 1-3 junior Security Researchers on a peer level.

Bachelor's degree or foreign equivalent in Computer Science, Information Technology, Information Systems, or related, plus 5 years in Web Application Security. 

Additionally, the applicant must have professional experience in:
  1. Using browser technologies and Mozilla internals to develop checks for web application vulnerabilities for the DAST tool; 
  2. Developing web applications using web technologies for the browser including HTML, XML, and CSS; 
  3. Performing Python, JavaScript, DOM access and event-driven programming; 
  4. Managing team repositories and branches using source control systems including CVS, SVN and Git; 
  5. Managing product build systems using Jenkins; 
  6. Implementing and writing attack vectors for the Open Web Application Security Project (OWASP) Top 10 attacks category; 
  7. Applying HTTP protocol knowledge in development and debugging environments to detect security issues; and 
  8. Using TCP/IP network protocols to upgrade and create new attack vectors. 
Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.
To All Agencies:
Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place, and they must have been assigned the specific requisition to which they submit resumes by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave, and in the event a candidate submitted outside of this policy is hired, no fee or payment of any kind will be paid.

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit

information security, regulatory compliance, computer forensics, managed security services, Secure Web Gateway, application security, penetration testing, incident response, data loss prevention, SIEM, PCI DSS solutions, Web security, cloud security, cloud compliance
Company Industry: Computer & Network Security
Company Type: Privately Held
Company Size: 1,001-5000