Senior Security Engineer

San Francisco, CA | Engineering

Job Description

About Us:

NCC Group Domain Services was founded by a group of Internet security experts to deliver real-world solutions for securing the Internet. Our premier offering is the .trust Top-Level Domain, developed to provide enforceable Internet security through three core principles: verify, secure and enforce.

NCC Group Domain Services is privately held with its headquarters in San Francisco, Calif. and is part of NCC Group plc (LSE: NCC).

As a security engineer you should be able to absorb new technologies and determine how to test them for vulnerabilities quickly and to maximum effect. You should have the ability to drop into a network, compromise systems, traverse network segregation and chain vulnerabilities to gain Domain Admin or gain access to critical Linux, UNIX or other proprietary system. In general your infrastructure, protocol and networking ability should be strong and well-practiced. You should be able to carry out static code analysis using manual and automated techniques in a variety of languages. You should be able to disassemble binaries, trace program flow, extract clear text data and recognize where encryption techniques are in use.

Like to write your own tools? Then you’ll fit in well with us! Whether it’s a quick and dirty python harness or something more robust, we encourage our engineers to regularly write custom tools to carry out security testing.

Responsibilities:

  • Implement and manage security vendor technologies that provide detective and preventive capabilities including: Vulnerability scanners, endpoint security, intrusion detection, SSL VPN network forensics, content detonation, network and application firewalling, change detection, and Security Event Management.
  • Constantly question existing security practices and routines, and update, replace or automate them
  • Audit infrastructure, software, and configuration to prevent and correct vulnerabilities

Requirements:

  • Bachelor's degree in Computer Science / Engineering or equivalent experience
  • 2-3 years experience in Information Security
  • Competency in Shell, Ruby, Perl or Python for automation is desired.
  • Solid understanding of web services architecture and commonly employed technologies
  • Excellent verbal and written communication skills.
  • Deep expertise in information security theory and practice, with specialization in at least one of:
    • Network security
    • Web application security (esp. Ruby/Rails)
    • Sandboxing untrusted code
    • Linux userland security
    • Linux kernel security
    • Cryptography
Apply Now
for this Job
Spread the Word
Not the right job?
Describe your perfect job
Join our Talent Network »