Fortinet is developing cloud-enabled services that perform continuous application security testing through an intensive process of comprehensive, criteria-based automated static and dynamic scanning and analysis.
The Security Architect / Researcher will be part of this exciting development and will be working with a strong product and technical team of worldwide security experts.
The successful candidate should meet our job requirements. This individual is someone who is passionate about web application and code security.
The candidate will report to Product Management, which will allow them to define the strategy and direction of the product, and will also work closely with the development team on many of the implementation details of these scanners.
- Perform research and set overall product direction on static analysis, dynamic analysis, SCA, container, IaC and many other types of security scanners: select, configure and optimize their setup to provide the best coverage.
- Understand and translate analysis scanner output into comprehensive messages to be displayed to the end user.
- Process analysis scanner data automatically to minimize user interaction.
- Design, implement, and maintain automated translation scripts.
- Perform research to understand different types of software vulnerabilities in popular web programming frameworks and translate them into detection patterns.
- Develop exploit signatures in a proprietary description language.
- Understand and come up with risk rating methodologies.
- At least 10 years of relevant working experience.
- Expertise in application security scanning: SAST, DAST, SCA/OSS, container, IaC scanners, etc.
- Very good understanding of the AppSec space and the different products in this space, and their comparative analysis.
- Understanding of DevOps tools like CI/CD, Docker, etc.
- Outstanding verbal and written communication and presentation skills.
- Proven analytical and problem-solving skills.
- Must be self-motivated, innovative, hands-on and a good team player.
- Strong will to learn new things and a passion for exploring new ideas.
- Bachelor's or Master's degree in Computer Science or Electrical/Computer Engineering.
- The team requires someone with the right technical security skills and knowledge who is able to select the right kind of scanners we need to use, configure these scanners, understand common types of software vulnerabilities and then translate these vulnerability descriptions into understandable verbiage and detection patterns used by FortiDevSec.
- The candidate should have a high-level understanding of the different types of application security scans, different products in this space, and their comparative analysis.
- Address: Sunnyvale, CA, USA
- Salary Offer: $100.000 ~
- Experience Level: Senior
- Total Years Experience: 10-20