At Malwarebytes, we believe that when people and organizations are free from threats, they are free to thrive. Founded in 2008, our mission is to ensure cyberprotection for everyone, providing device protection, privacy, and prevention solutions in the home, on-the-go, at work, or on campus.
We're looking for a motivated and experienced security professional who wants to take on the challenge of improving the security of our products. Our small but growing security team needs someone with experience working as an Application Security Engineer, who is motivated to learn new products/tools, and can work independently with little guidance.
Key Responsibilities:
* Assist in the development of security processes and automated tooling that prevent classes of security issues.
* Perform and collaborate with external firms on security-focused code reviews.
* Support and consult with product and development teams in the area of application security, including threat modeling and design reviews.
* Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
* Support the bug bounty program.
* Evangelize security and secure development practices.
Requirements:
* Ability to use GitHub and manage GitHub Actions.
* Development skills on Android/iOS platforms, with experience in mobile app (Kotlin, Swift) code reviews, static and dynamic analysis, and red teaming.
* Experience in code review & security analysis of desktop applications.
* Hands-on experience in cloud-based technologies (AWS, Azure, GCP).
* Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
* Able to be adaptive and flexible in an entrepreneurial organization and solve problems quickly and collaboratively.
* Must be a self-starter, able to work with limited supervision, both individually and with other teams.
* Ability to work within and across teams.
* Ability to work in high-risk environments.
* Willingness to learn and grow.
Nice to Have:
* Advanced knowledge of Windows and/or macOS internals.
* Thorough knowledge of digital forensics methodology as well as security architecture, system administration, and networking.
* Certifications in any of the following: CISSP, CEH, GIAC Reverse Engineering Malware (GREM).