Software Security Engineer
Security | Burnaby, British Columbia, Canada | Full Time
In 2004, Teradici set out to create the best virtual desktop and workstation experience in the world, and along the way we've enabled the most demanding use cases with requirements like top secret security, complex IT infrastructures, and intensive graphics performance. Our PCoIP technology fundamentally simplifies how computing is provisioned, managed and used.
With over 15 million endpoints deployed around the globe, we're no startup. Top government agencies, media conglomerates, production studios, financial firms, and design houses trust Teradici to support their need for secure, high-performance virtual desktops and workstations delivered from private data centers, public clouds, or any combination of both.
As a member of the Security team, the Software Security Engineer works closely with software developers, architects, product management and other Security Engineers to seek out security defects in our products and to help integrate tools into our build/development environments to ensure consistent application of security across the product portfolio. This role would focus on Teradici products developed using C/C++.
We value diversity and a wide range of experiences from our candidates and believe this makes our security stronger and our products better. Please, do not hesitate to apply even if you do not meet all the criteria. We will leverage your strengths, train your weaknesses, incorporate your differences, and adapt our approach for the right individual. Although this position is posted in Burnaby, BC, we will be considering remote candidates for this role.
- Lead and mature our Fuzz Testing practice
- Perform technical security assessments, code audits and design reviews
- Identify, triage, and propose mitigation options for security vulnerabilities identified in Teradici products
- Help make security an integral part of our CI/CD pipeline
- Provide security guidance to both technical and non-technical audiences
- Build libraries and tools to make software built at Teradici secure by default
- Communicate security risk to a technical audience
- Excellent C/C++ programming skills
- Familiarity with AARCH64 Assembly
- Extensive experience with coverage-guided fuzzing using tools such as AFL, libFuzzer, and other fuzzing engines
- Ability (or a willingness to learn) to integrate more “modern” fuzzing approaches such as evolutionary fuzzing, structure-aware fuzzing, and symbolic execution into our fuzzing practice
- Familiarity with (or willingness to learn) advanced fuzzing toolsets and frameworks (Mayhem, Manticore, Angr, etc.)
- Familiarity with static analysis security testing software (Findbugs, Coverity, Veracode, SonarQube, etc.)
- Reverse Engineering experience using tools such as IDA Pro, Radare2 and Ghidra
- Knowledge of secure coding practices, encryption standards, tools, and exploits
- Strong understanding of build environments and source code management systems
- Deep Linux/Unix systems experience
- Experience with scripting languages: Python, PowerShell, etc.
- Fluent in a strongly typed or functional programming language like Swift, Go, Kotlin or similar
- Experience in finding, responsibly disclosing, or resolving security vulnerabilities in open source software
- Successful track record of designing and implementing encryption-related technologies
- Familiarity with Infrastructure as Code technologies (e.g. Terraform, Ansible, Chef)
- Experience working with CI/CD pipeline tools like Jenkins, TeamCity, GitLab etc.
- Experience with DevSecOps tools, processes, and culture
- Experience with Agile Software Development methodologies
- Secure products. You understand the importance of a secure SDLC and that this is not an afterthought once all the features are developed.
- Automate everything. You actively automate as many manual tasks as possible so that these tasks can be repeated many times and allow us to scale.
- Self-managed teams. You hold yourself accountable for the full end-to-end lifecycle of what you are working on, from ensuring you are building something that will deliver customer value to getting it into customers' hands.
- Customer collaboration. You want feedback from customers to ensure your work is providing value and to enable you to iterate on that work.
- Tech-debt reduction. Software can live longer than you expect; therefore, you need to ensure it stays healthy and manage your technical debt accordingly.
- Collective ownership. You value contribution, wherever it comes from, and believe in peer review, continuous integration, test coverage and customer validation.
- We offer a competitive base salary, Employee Bonus Plan (company performance based) and stock option grants. Our health benefits and retirement savings contributions start right away – no waiting period! We also offer three weeks of vacation for the first year (accrued and increased annually, up to 20 days per year).
- We develop and nurture our employees to be their best and bring their authentic selves to every team interaction. We strive for a dynamic team environment that is transparent and allows everyone to contribute and be heard.
- The health and safety of our employees is our top priority. As a result of COVID-19, we have implemented a Work From Home initiative for all employees and we encourage our teams to stay connected virtually during this time.
- Once our office is open again, we are excited to offer:
  - Monthly social events & activities
  - Luxury shuttle service to and from the nearest SkyTrain station
  - Underground and secured bike "cage"
  - Fully equipped onsite gym, Basketball, "Beach" Volleyball court and weekly yoga classes
- Teradici supports remote work flexibility using our own Cloud Access Software!
To apply to this position, please submit your resume and a cover letter answering the following five questions:
- If you had to build a fuzz testing practice from scratch what would your top priorities be?
- Why do you think product companies have such a hard time building secure products?
- What was the last program or script that you wrote and what security problem did it solve?
- What are your favorite security assessment tools?
- Describe a threat that customers of Teradici could face. How do Teradici products mitigate that threat?