Lead Application Security Researcher

Description:

Job Title: Lead Application Security Researcher (Fortify) in Ottawa/Richmond Hill/Waterloo, ON - Hybrid

About Our Team

OpenText Software Security Research (SSR) Team specializes in approaching security from the perspective of how we build and use software. Our team is responsible for conducting security research which leads to enhanced security products as well as contributions to the Security Research Blog, whitepapers, conference presentations, and Cyber Risk Report. Furthermore, our team has identified new types of software vulnerabilities, defined the taxonomy used by all Fortify products, and highlighted broad security problems in development practices.

Fortify SSR is seeking a self-driven enterprise Lead Software Security Researcher who understands that security is more than firewalls and encryption.

Your Impact

A Software Security Research role at OpenText is more than just a job; it's an opportunity to impact safety, security, and lives. As a key contributor, you will understand a wide range of application security research techniques, programming languages, standards, best practices, and vulnerability types. You will be involved in monitoring the state of industry by working collaboratively with internal teams, SMEs, external customers, auditors, and other stakeholders while defining the next generation of vulnerability techniques. You will be encouraged to cultivate an engineering and researcher mindset, driving innovative security solutions and processes that address real-world problems and shape the future.

What The Role Offers

As a Lead Security Researcher, you will:
 

• Create algorithms to help people find potential vulnerabilities in their code
• Finding 0 days in open-source projects and customer code
• Investigating and implementing techniques to exploit security vulnerabilities
• Discovering new methods for automatic identification of vulnerabilities
• Extracting the essence of known vulnerabilities to shape products of the future
• Help educate and evangelize security best practices to users and those around you
• Publishing and presenting Fortify’s research and other relevant security topics
• Keeping up with and assessing the latest trends in software security
   

What You Need To Succeed
 

• Master’s or PhD in relevant Computer Science, Cyber Security, or Engineering program with 3+ years of experience in a security engineering role, or in a software development role with a strong focus in enterprise security
• Alternatively, a Bachelor’s degree with 5+ years of relevant application security experience
• In-depth understanding of mobile and/or web enterprise application programming languages (e.g. Java, Kotlin, Swift, Objective-C, C#)
• Extensive experience with common software security flaws
• Excellent analytical and problem-solving skills
• Strong technical communication skills with the ability to effectively communicate product architectures and design proposals
• Interest in software security and secure development
   

Nice To Have
 

• Proficient in multiple additional programming and scripting languages (e.g., Go, C/C++, Scala, Python, JavaScript)
• Source code auditing experience (especially Fortify SCA)
• Experience working in a large enterprise software development environment (e.g., agile, scrum)
• Data science or AI experience