To address the scale needed by the rapid pace of software growth, companies need automated security tools that don't require lengthy manual analysis to sift out false positives. Our focus at ForAllSecure is to change how companies develop, test, and deploy software by building the technology to make cybersecurity autonomous.
Our platform Mayhem, a fully autonomous cybersecurity system, was built utilizing over 12 years of research out of Carnegie Mellon and developed by a team of some of the best hackers in the world. In 2016, DARPA hosted the Cyber Grand Challenge, the world’s first all-machine hacking tournament, in which Mayhem competed and took first place against industry and academia’s best challengers. Since then, we have been bringing this product to market. The Mayhem solution makes software validation testing radically simpler with a powerful combination of intelligent fuzzing, symbolic execution, and checking of static security indicators.
We are seeking exceptional candidates for our Analysis Engineering team to work on and enhance the analysis engine behind Mayhem for detecting bugs and security vulnerabilities. This is a very unique opportunity to work on a high-performing team focused on building cutting-edge technology and having a large-scale impact across government and industry customers. ForAllSecure values people and different perspectives, and we strive to build a diverse, balanced, and dynamic environment.
Currently Mayhem has found vulnerabilities in open source projects, components in aircraft systems, and well-known embedded devices. This is only the beginning as we are providing Mayhem to bring automation, usability, and scalability to today’s software security problems.
If you are someone who has a passion for writing the future of software security, this is the place for you!
Who we are
We truly and completely believe in the mission to make cybersecurity autonomous. We believe that software is eating the world, and is often the root cause for most cyber security issues. We are building products to fix the cycle between problem/fix so that it happens at machine speed, not human speed. To get there, we are engineering technology and products that are super-accurate, performant and scalable.
What you'll bring
- A passion for building innovative and easy-to-use tools for finding bugs, improving code quality and security, and enhancing the debugging experience
- Experience with systems-level programming in Linux
- Proficiency in C/C++ and Python development
- Knowledge of common compiler concepts: types, code generation, register allocation, stack frames, inlining, and control flow graphs
- Knowledge of binary execution formats, linkers and loaders, and executables
- Knowledge of Low-level operating system concepts (memory management, process lifecycle, I/O systems, etc.)
What you'll do
- Work on cutting-edge technology built to find vulnerabilities and shorten the cycle of identifying and fixing software flaws
- Collaborate with teammates both local and remote, through pull requests, in-person conversations, and Slack
- Develop new features, fix interesting bugs, write tests, and review your teammates’ code
- Collaborate with support engineers and customers to improve the security and quality of software in their ecosystem
- Build expertise and responsibility for specific components of Mayhem ecosystem
Bonus
- Background in vulnerability research or reverse engineering
- Prior experience with technologies in program analysis like fuzzing and symbolic execution
- Familiarity with modern exploitation techniques and mitigations/counter-measures.
- Experience with run-time analysis tools (such as Valgrind or LLVM sanitizers) and networking is a plus