IC Resources Ltd

Security Engineer

£55000 - £60000 per annum + depending on experience + benefits
13 Oct 2017
19 Oct 2017
Seamus Hayes
Specialist Area
Software, Systems
Contract Type
Full Time
Security Engineer
Up to £60k depending on experience + benefits

I have an urgent requirement for a Security Engineer to help protect and enhance the security of our Cambridge based client's products and services.

You will be joining an established security team and will drive the security response process for products and you will also be involved in a range of secure product development, security automation and security certification projects that cover world-wide engineering teams.

The role will be primarily focused on technical threat, vulnerability and exploit analysis of products and technologies.

Required skills:

*Hands on experience performing application level security reviews of complex C/C++ applications. Candidates must also have a good working knowledge of the typical tools, technologies and processes adopted by commercial software development teams.
*Ability to take a structured approach to decomposing a complex distributed system in order to understand the effective attack surface and provide informed and well balanced guidance on areas of risk and available options to improve the overall security posture.
*Detailed low level insight into the internal architecture, data flows, security mechanisms, applicable security boundaries, and Kernel/user level APIs of at least one current operating system.
*Demonstrated ability to derive and apply creative techniques to discover, exploit or remediate potential security vulnerabilities.

Any of the following additional skills and experience would be desirable:

*Hands on experience with the Xen Hypervisor and a detailed knowledge of the supporting hardware virtualisation technologies provided by current CPUs. Experience identifying, analysing, or exploiting Hypervisor threats and vulnerabilities would also be highly beneficial.
*Experience developing commercial or open source software in C/C++, .Net, or Java.
*Experience with a commercial product security response process, including activities such as exploit creation, vulnerability root cause analysis, and providing code or architecture level guidance to engineering teams on effectively mitigating any identified security risks.
*Experience defining or executing a product secure development lifecycle (SDLC) process, including activities such as threat modeling, application level security testing, secure design and code reviews.
*Experience with automated security analysis methods and tools, including hands-on experience developing custom analysis tools to identify potential vulnerabilities using methods ranging from basic fuzzing through to code level static analysis.
*Detailed knowledge of common networking protocols such as TCP/IP, UDP, HTTP, TLS, Kerberos, and their associated security considerations.

To apply or for further information please contact Seamus Hayes at IC-Resources

Keywords: Security, Cambridge, C/C++, Kernel, Xen, Hypervisor, Java, Networking