DFINITY is reimagining the Internet as a public network that hosts secure software and services. The Internet Computer is a new technology stack that is unhackable, fast, scales to billions of users around the world, and supports a new kind of autonomous software that promises to reverse Big Tech’s monopolization of the internet. DFINITY was founded in 2016 by Dominic Williams and is backed by top-tier institutions including Polychain Capital and Andreessen Horowitz.
Applications Security - This team is responsible for the establishment and maintenance of software assurance practices within DFINITY that allow continuous delivery of secure embedded systems and applications. We are now looking for Security Engineers to join this team and work in one or more of the following areas: Automation, Platform Security and Vulnerability Research.
In this key position, the Application Security role will…
- Conduct threat modeling, design reviews code reviews and dependency analysis for software services, APIs, infrastructure components, and tools.
- Build attack trees, perform taint analysis, analyze exploitation path and assess overall risk of software and infrastructure components
- Perform vulnerability and functional security testing. Ability to work with SAST, DAST, IAST & SCA tools.
- Develop tools and automate security testing and other repeatable software assurance tasks
- Analyze vulnerabilities, rate their severity, propose, review fixes and manage the remediation process.
- Collaborate with engineering/development teams to evolve SW assurance process to address security risks, identify and eliminate bugs that may have been missed in the review process.
- Use Everything-As-Code methodologies to ensure traceability, configurability, immutability, repeatability, and governability.
- Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics.
- Bachelors or Masters in Computer Science or Engineering with an emphasis in Information Security or a related field, or equivalent experience.
- 5 years developing, architecting, and implementing, industrial or embedded class security solutions.
- 5 years of experience in software security analysis, code auditing, and product reviews.
- Considerable expertise or experience in at least one of following security domains (Threat Modeling, Offensive Red Teaming or Penetration Testing, Authentication & Public Key Infrastructure (PKI), Vulnerability Management, Data Security or Cryptography)
- Able to write clear and consumable documentation
- Active engagement and contributions to the cybersecurity community via security related forums, blogs, attending security conferences, white papers, etc.
- Strong collaboration skills working cross functionally with internal and external customers
All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.