Security ResearcherPrimary Location India, Bangalore Date posted 09/13/2021
Job Title:Security Researcher
Role Overview:The McAfee Consumer business is searching for an accomplished Security Researcher to guide and enable security practices in building a portfolio of industry-leading PC consumer cybersecurity products and online services. As a senior staff member, you will ensure that all products, technology and services delivered by the product engineering teams meet and comply with established security processes. The successful candidate will have a proven track record of driving security engineering practices in a commercial software development environment. We are looking for strong technical skills, excellent written and verbal communication, and good knowledge of product architecture and software security.
McAfee is a leader in personal security for consumers. Focused on protecting people, not just devices, McAfee consumer solutions adapt to users’ needs in an always online world, empowering them to live securely through integrated, intuitive solutions that protects their families and communities with the right security at the right moment.
About the role:
- Responsible for the overall security design and implementation for all products, technology and services delivered from the BU
- Create and maintain a Security Engineering roadmap which maps to product engineering initiatives and business deliveries
- Responsible for the successful implementation of a Secure Development Lifecycle (SDL) process in the organization. This includes activities such as Security Architecture and design reviews, Secure code reviews, Static Application Security testing, Dynamic Analysis, Threat Modelling, Fuzz Testing, Pen testing, Vulnerability analysis, etc.
- Responsible for the overall security best practices in design and implementation for all products, technology and services delivered from the business
- Relevant academic background with 12+ year of expertise in Software Development
- Have a Security Certification (CEH, OSCP, eJPT, Security+, AWS security)
- At least 8+ years of strong, demonstrable Security Engineering experience in a commercial software development organisation
- Knowledge on the following areas - Threat modelling (e.g. Stride model),Windows internals, Windows client application security, Windows Debugging, Sys Internal Tools, Web application security, Mobile application security, AWS security
- Experience in Vendor Assessment (e.g. large source code analysis)
- Experience in PSIRT (Product Security Incident response team), creating CVSS, writing security bulletins
- Experience with different security tools and techniques (Burpsuite, NetSparker, Coverity, Fortify, CheckMarx, Blackduck hub, Protex, Windows Sys internals )
- Expertise in penetration testing, fuzz testing, an understanding of different attack vectors, vulnerability analysis and application reversing skills
- Knowledge of Cryptography principles and their application in designing Security solutions
- Experience with secure design review of Network Applications and Protocols
- Create a proof-of-concept' for security exploits or solutions using C/C++, C#, Python etc.
- Experience in DevSecOps, CI/CD is advantageous
- Strong Operating System knowledge with Windows, iOS and Android
Company Benefits and Perks:
We work hard to embrace diversity and inclusion and encourage everyone at McAfee to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
- Pension and Retirement Plans
- Medical, Dental and Vision Coverage
- Paid Time Off
- Paid Parental Leave
- Support for Community Involvement
We're serious about our commitment to diversity which is why McAfee prohibits discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.