Staff Engineer - Product Security researcher - Secure Development LifecycleBookmark This
Palo Alto, CA
Description# About Us
VMware NSX is a network virtualization platform that delivers the operational model of a virtual machine for the network. Virtual networks reproduce the network model in software, allowing complex multi-tier network topologies to be created and provisioned programmatically in seconds. NSX includes a library of logical networking services – logical switches, logical routers, logical firewalls, logical load balancers, logical VPN, QoS, and distributed security.
A self-service interface allows users to create custom combinations of these services in isolated software-based virtual networks that support existing applications without modification or deliver unique requirements for new application workloads. Similar to virtual machines in compute, virtual networks are programmatically provisioned and managed independent of networking hardware. Decoupling from hardware introduces agility, speed and operational efficiency that has transformed data center economics.
# Why work for our Division
VMware’s world-class, award-winning R&D; team is comprised of thousands of top-notch computer scientists and software engineers that are transforming computing through virtualization. Members of the R&D; team voice their creative ideas and watch them become initiatives, participate in exciting short-term and long-term products on the VMware roadmap, initiate advanced research projects, and/or write and test code that ships. At VMware, our engineers continue to learn and grow by working with top professionals from around the world and recent graduates of top universities and by taking advantage of our extensive internal training opportunities and generous external education assistance program. R&D; team members work on the latest computing equipment and have access to the ACM and IEEE libraries. VMware has R&D; offices in: Silicon Valley; Burlington, MA; Cambridge, MA; Broomfield, CO; Sofia, Bulgaria; Aarhus, Denmark; London, UK; Herzliya, Israel; Bangalore, India; and Beijing, China.
# Job Description
The NSX Networking and security virtualization group, is looking for talented Staff level Security Developer or Application Security engineer who share our passion for innovation and excellence in security virtualization. Be a part of the team that is defining the Security market afresh by combining novel and innovative approaches to security problems with VMWare’s leadership in the Virtualization space. The move towards Cloud Computing comes with a brand new set of security, privacy and trust concerns which require a multi-faceted approach to security.
Virtualization disrupts the security market: it commoditizes base security capabilities and opens up the market for higher value products. VMware leads the market with the NSX Suite of products towards a new model of security that is elastic, unified, enabling the hybrid cloud. But highly technical products with lots of "moving parts" require a significant security effort to be secure themselves.
Roles & Responsibilities:
In this role, the candidate will be responsible for assessing the "security of our secure solution", applying his/her engineering and security knowledge to help us design and test our system against attacks.
* Review developer design and functional specifications and provide feedback on the security implications of the design.
* Perform penetration testing of the product throughout the product lifecycle
* Participate in threat modeling sessions to contribute to the security of the product
* Automate security tests for use in regression testing
* Participate in defect resolution by identifying defects, assisting developers in reproducing defects, verifying defects are fixed, and identifying new regression test cases as needed.
* Work on problems that require you to consider a wide variety of factors and use initiative and judgment to get them fixed.
5+ yrs of relevant Application security development or QA experience.
* CISSP or other accreditations
* Solid understanding of modern computer software techniques
* Solid understanding of networking stacks and layers
* Experience working with any of the following technologies is desirable: SAML, SSO, Identity and Access Management, Application Control, Network Proxies, Content Filtering, Encryption, Application Control.
2+ years of testing in Linux/UNIX and Windows environment, administration experience a plus
2+ years programming in a high level language as well as some scripting languages like Perl or Python.
BS/MS in computer science or equivalent
Be knowledgeable in C++, Java, SQL, and popular associated programming frameworks
Have relevant knowledge and experience related to implementing secure applications
Have used security testing techniques including threat modeling, fuzzing, penetration testing
Be up to date on current security research and techniques
Knowledge of networking and network based methodologies
Experience in both web and desktop based software application programming
C/C++, Python or Java experience
Experience with security or authentication technologies (SSL/TLS, SSO, Firewalls)
Experience with Directory Services (LDAP, MS Active Directory)
Experience with networking protocols (TCP/IP, DHCP, DNS, RDP, VNC).
Familiarity with hardware architectures, preferably x86
Experience in working as a developer
# EEO Statement
VMware is an equal opportunity employer committed to the principles of equal employment opportunity and affirmative action for all applicants and employees. Equal opportunity and consideration are afforded to all qualified applicants and employees in personnel actions, which include: recruiting and hiring, selection for training, promotion, rates of pay or other compensation, transfer, discipline, demotion, layoff or termination. VMware does not unlawfully discriminate on the basis of race, color, religion, sexual orientation, marital status, pregnancy, gender identity, gender expression, family medical history or genetic information, citizenship, national origin or ancestry, sex, age, physical or mental disability, medical condition, veteran status, military status, or any other basis protected by federal, state or local law, ordinance or regulation. VMware also makes reasonable accommodations for disabled employees consistent with applicable law. Further, it is the policy of VMware to maintain a working environment free of all forms of harassment.
*Posting Title:* Staff Engineer - Product Security researcher - Secure Development Lifecycle
*Advertised Location (Select only ONE location):* Palo Alto, CA, US
*Is this a remote or multiple location position?:* No
*Requisition Number:* 51016BR
*LinkedIn Recruiter Account Email:* email@example.com
*Level of Job (LinkedIn):* Mid-Senior Level
*Advertised Group (Place a checkmark to select multiple groups):* Engineering