We are looking for a skilled researcher. You will be responsible for analyzing threats and attacks on software supply chains, analyzing available security controls, and devising security solutions.
Your tasks begin with exploration and problem identification and definition and end with technical specifications and proof-of-concept software and algorithms.
Security research includes both analytical and hands-on research.
What are some of the things you do on a day-to-day basis?
- Cybersecurity analysis
- Analyze cyber-security of generic and vendor-specific software-supply-chain components
- Analyze cyber-security of generic, programming environment-specific, and customer-specific development environments.
- Analyze cybersecurity regulations and standards.
- Compliance analysis, threat analysis, and low-level, hands-on system and services analysis.
- Analyze Design cybersecurity solutions
- Best-practice-based solutions.
- Proprietary solutions
- Produce requirements, overlook their secure implementation, analyze and devise trade-offs due to real-world constraints.
- Implement proof of concepts of threats, vulnerabilities, and full solutions.
- Research software-supply-chain attacks
- Grasp the overall scene
- In-depth analysis of attacks
- Demonstrate (hands-on) attacks
- Manage the attack-history knowledge base and communicate the knowledge to product, marketing, and development teams.
- Research development environments
- Understand the development flows, project structures, dependency handling.
- Analyze ramifications, trade-offs, and potential pitfalls when securing such environments.
- Collaborate with product managers and other engineers to achieve the best solutions.
You will fit if you have:
- At least 4 years of security research\security engineering experience:
- Analysis of systems security
- Securing complex modern systems
- Research of widespread IT and security technologies
- Development of a proof of concepts.
- Deep understanding of IT and software technologies: cloud, containers, Kubernetes, and security technologies.
- Deep understanding of software development and production: developing processes, programming languages, operating systems, build systems, delivery processes, and tools.
- Hands-on experience in programming (preferably Golang).
- Strong problem-solving skills.
It would be nice if you have:
- DevOps, DevSecOps, programming, and software development experience.
- BSc in Computer Science, Engineering, or relevant field.
At Scribe, we care a great deal about our company culture. You fit right in if:
- You care for others: you are down-to-earth, friendly, and fair.
- You are trustworthy: you honor disclosure, integrity, and commitment.
- You drive change: you make waves with courage and curiosity.
- Learning & growth mindset: you foster agility, personal growth, and trying again.
- Masters of your own craft: you take pride in thinking out of the box, excelling at whatever you do, and managing your time well.