Description:
As a Senior Security Researcher, your key area of responsibility will be utilizing programming tools to test devices, configuration, and code, providing risk assessments for vulnerabilities, and reporting on the overall quality of current security standards. You will need to work closely with Geotab software developers, the broader Security team, and global strategic initiative stakeholders.
To be successful in this role you will be a highly organized self-starter with meticulous attention to detail and the ability to engage with all levels of the organization. In addition, the successful candidate will have strong technical competence in security evaluation and research, with the ability to manage multiple tasks and projects simultaneously while delivering expert recommendations for process improvements.
How You'll Make An Impact:
- Leverages security expertise in Hardware and Embedded Development
- Conduct device, cloud infrastructure or web application and code testing for all systems and applications, open source dependencies, and provide analysis and risk assessments for vulnerabilities discovered
- Conducts focused information security research and makes recommendations on changes within department and company
- Utilize code analysis and fuzzing tools to assess the quality and security of source code
- Provide recommendations on tools to address any gaps in coverage as well as defining and implementing security technical and process improvements
- Contribute to secure device configuration, infrastructure design and coding standards (involves developing secure coding training for current and future developers)
- Conduct manual code reviews for all systems and code changes for a given device, system or application release, providing both a detailed risk analysis of the security posture of the code and technical programming solutions (secure coding standards) to the developers to mitigate insecure code from being implemented
- Provide reporting on overall quality of device, infrastructure configuration or source code from a security perspective by project/team (includes trend analysis, defects found, defects remediated, and time to remediate)
- Triages and handles/escalates security issues within area of expertise
- Support Geotab global strategic initiatives
- Participate in candidate interviews during hiring process
What You'll Bring To The Role:
- 8+ years of experience with security evaluation/analysis within a technical organization, including security code reviews and risk assessments
- 8+ years of experience performing hardware, infrastructure, or embedded development (e.g., Network protocol analysis, debugging, virtualization)
- Post-Secondary Diploma/Degree in Computer Science, Information Management, Engineering, or a related field
- Technical proficiency with Linux, Windows, and languages such as C, Rust, and Python
- Professional certification in Information Security (e.g., CISSP, CCSP, CSSLP, CEH, OSCP, OSWE) is highly valued
- Excellent verbal and written communication skills, with comfort delivering technical training and presentations
- Entrepreneurial mindset with the ability to stay organized and manage multiple priorities in a flat organization