Department Overview:
The Product Security team is responsible for the overall security of all Symantec products. The team is responsible for training Symantec engineers on secure coding and how to test software security, creating application threat models, evaluating and purchasing security tools, promoting security events inside the company, presenting external talks about security to the government, universities and conferences, performing application security assessments and assisting teams responding to externally discovered vulnerabilities. The team is under the office of the CTO.
Job description:
This position requires the candidate to be a champion of best secure coding practices. Day to day activities include conducting threat model creation sessions, performing very complex code reviews, developing security tools, teaching security classes and performing black box penetration tests. Candidate must be able to travel 8% to 20% of time.
The ideal candidate has the mindset to think like a malicious user and can quickly create and understand sophisticated attack vectors. The candidate is then able to clearly and persuasively present the findings to project stake holders.
The person must appreciate working on an extremely dynamic, fascinating and highly technical world of computer security in one of the most respected security companies in the planet.
• Is a creative and independent thinker.
• Has the ability to work minimum supervision. Is able to complete highly technical assignments.
• Leads by example
• Anticipates future technical needs then develops long-range strategies to reach technical goals.
• Is curious and always wonder how things really work.
• Mentors less experienced developers in advanced concepts. Reviews, designs, and implements plans to develop less skilled team members.
• Anticipates and identifies problems then provides sound alternative solutions
• Likes to learn. Is hungry for knowledge.
5+ years of experience in commercial software development. Very solid computer science background (MSCS desired), including deep understanding of computer architecture, assembly language, compilers, C/C++, Windows and Unix, HTTP, SQL, JavaScript, AJAX and SOAP. Candidate must be very knowledgeable about secure coding best practices, encryption algorithms, network protocols and understand how security is part of the entire development life cycle. Experience with fuzzing tools, exploit frameworks, code analysis tools and network sniffers are highly desired. Candidate must have proven experience delivering at least two consecutive releases of a large, commercial software product.
Candidate must be comfortable lecturing classes on security topics to a large audience of very senior software developers and QA analysts. She/He needs to be able to inspire and motivate developers to always raise the bar on security and have genuine passion for this important topic. Willingness to write papers and perform presentation on security conferences on is desirable.
Candidate must be comfortable lecturing classes on security topics to a large audience of very senior software developers and QA analysts. She/He needs to be able to inspire and motivate developers to always raise the bar on security and have genuine passion for this important topic.
5+ years of experience in commercial software development. Very solid computer science background (MSCS desired),......
Candidate must be comfortable lecturing classes on security topics to a large audience of very senior software developers and QA analysts. ......