Senior Engineer - Security Platform, Accuracy and Speed
Contrast Security
2d ago

Contrast Security named to Inc.'s Best Workplaces of 2020

Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software.

Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts.

Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.

About the Position

At Contrast, we make application security smart and simple for software teams. But simple is not easy, and the struggle is real.

We are looking for a Senior Engineer to lead our AST Accuracy and Performance test initiative. You’ll build the infrastructure to monitor the security output from our platform, then lead the efforts to constantly move the needle, keeping us at the forefront in vulnerability analysis while monitoring and troubleshooting the accuracy and speed of our platform.

Working across multiple engineering teams, product management and security research, and reporting to the engineering leadership, you must be technical and hands-on in your approach, while confident and persuasive in your communication style.

What you’ll do:

You have three primary responsibilities:

Scanner Accuracy + Speed - Derived From An Automated Test Framework

  • Lead our accuracy measurement - pushing the boundaries of what we can measure and record.
  • Design and (with assistance) construct a test framework involving multiple known sample apps with vulnerabilities for each target language we support.
  • Using the automated framework, monitor and analyse the output: are the results accurate and precise, and are they generated in a timely manner?
  • When there is an issue - what caused it? Too many false positives - is that a rule which is not fully described?

  • You’re probably an expert in secure development techniques. But if not, then we’ll help you become one - a huge part of the role is to understand how and why code is vulnerable and how we can automatically detect that.
  • Report to key stakeholders on the ongoing results of the analysis of these sample vulnerable apps. Cherish the improvements, and flag any degradation to the appropriate teams for action.

Scanner Accuracy + Speed - Derived From Customer Reported Issues

  • Triage incoming requests from Beta Partners. Review logging and other collected data in the context of the customer environment (language, framework, application) being scanned and determine if there is an issue and what its source is:
      • Code defect in our scanner (for example - long running scan)
      • SAST rules issue (for example - false positives)
      • An external factor such as an orchestration platform issue
  • Work with engineers from each team to describe the problem, reproduce it and empower them to address it, as well as build automations in order to avoid it happening again.

Results Correlation

  • Examine and compare results from IAST and SAST. Understand the relationship and the confidence with which our platform can make a recommendation from the source data.

What you’ll bring:

  • 5+ years of developer experience across a range of languages, including but not limited to Java, .Net, Node, Ruby and Python.
  • Have excellent development skills, being able to switch between languages and projects.
  • Experience building and operating test frameworks.
  • Experience designing DevOps or security software with a wide range of integrations in a full lifecycle delivery environment.
  • Outstanding communication, presentation and leadership skills.
  • Excellent organizational and time management skills.
  • Sharp analytical and problem-solving skills, detail oriented.
  • Experience with Atlassian, JIRA and Confluence.
  • Creative thinker with a vision.
  • Experience in identifying and managing risks.

What We Offer

  • Competitive compensation package (salary + equity)
  • A fun and dynamic environment where you work with other like-minded people on products which make a real difference to the security of our customers
  • Free in-office lunches every day
  • Healthcare packages

We are changing the world of software security. Do it with us. We believe in what we do and are passionate about helping our customers secure their business.

    If you’re looking for a challenge and want to enjoy where you work, you’ll love Contrast Security. Contrast Security is committed to a diverse and inclusive workplace.

    Contrast Security is an equal opportunity employer and our team is comprised of individuals from many diverse backgrounds, lifestyles, and locations.

    By submitting your application, you are providing Personal Information about yourself (cover letter, resume, email address, etc.) and hereby give your consent for Contrast Security, Inc. and / or our HR-related Service Providers, to use this information for the purpose of processing, evaluating and responding to your application for current and future career opportunities.

    If you are a resident of the European Economic Area or are applying for a position in the European Economic Area, Contrast’s Privacy Statement reflects our policies around compliance with the General Data Protection Regulation (GDPR) and your rights respective to GDPR.
