All Positions

Security Researcher

Engineering, Research
Tel-Aviv, Israel

Job Description

We are looking for a skilled researcher. You will be responsible for analyzing threats and attacks on software supply chains, analyzing available security controls, and devising security solutions. 

Your tasks begin with exploration and problem identification and definition and end with technical specifications and proof-of-concept software and algorithms.

Security research includes both analytical and hands-on research.

 

What are some of the things you do on a day-to-day basis?

  • Securing softare-supply-chains requires deep understanding of threats and security technologies; your job will include security analysis of various types:
    • Threat modeling of software-factory models.
    • Analysis of solutions for such threats.
    • Analyzing published attacks (both high-level, based on published articles, and low-level sample-based analysis).
    • Develop PoCs: demonstrate the protection provided by Scribe-products, demonstrate innovative security solutions.
    • Outcomes: PoCs, analysis documents, requirements specifications.
  • Software-supply-chain-security is a rapidly evolving field. As such, standards, frameworks, regulation and open-source projects are continuously developing; your job will include analyzing such policies\artifacts:
    • Analysis of their security values and tradeoffs.
    • Implementation analysis: how can Scribe implement and utilize these policies and artifacts.
    • Develop PoCs of such implementations both as internal demos and as customer facing demos – tailoring a PoC to specific customer needs and constraints.
    • Outcomes: PoCs, analysis documents, requirements specifications.
  • Securing the software-supply-chain requires integrating with software development and CI\CD technologies; your job will include analyzing such integrations:
    • Analyze the security-value that can be gained.
    • Implementation analysis: in what ways can Scribe implement such integrations, tradeoff analysis.
    • Develop PoCs.
    • Outcomes: PoCs, analysis documents, requirements specifications

 

You will fit if you have:

  • At least 4 years of security research\security engineering experience:
    • Analysis of systems security
    • Securing complex modern systems
    • Research of widespread IT and security technologies
    • Development of a proof of concepts.
  • Deep understanding of IT and software technologies: cloud, containers, Kubernetes, and security technologies.
  • Deep understanding of software development and production: developing processes, programming languages, operating systems, build systems, delivery processes, and tools.
  • Hands-on experience in programming (preferably Golang).
  • Strong problem-solving skills.

 

It would be nice if you have:

  • DevOps, DevSecOps, programming, and software development experience.
  • BSc in Computer Science, Engineering, or relevant field.

 

At Scribe, we care a great deal about our company culture. You fit right in if:

  • You care for others: you are down-to-earth, friendly, and fair.
  • You are trustworthy: you honor disclosure, integrity, and commitment.
  • You drive change: you make waves with courage and curiosity.
  • Learning & growth mindset: you foster agility, personal growth, and trying again.
  • Masters of your own craft: you take pride in thinking out of the box, excelling at whatever you do, and managing your time well.

Apply for this position

Please take a moment to tell us about yourself and we'll be in touch