Security Specialist

Engineering London, United Kingdom


Description

Security Specialist
The Role

Security of in-house software development is central to the business' goals. Software at G-Research is developed primarily in C#. Reporting into the Secure Architecture Team Manager, the key responsibilities of the role are:
  • Applying advanced security techniques in team software, shared libraries and controls:
    • shared security components for use by our developers
    • high assurance software (e.g. for cryptographic key management)
    • bespoke security tools/controls for use by the InfoSec division
  • Contributing to the company vision for security architecture
  • Assisting with team outreach regarding secure development lifecycle
  • Maturing software engineering & quality practices within Information Security
  • Working closely with other developer teams to ensure security best practice
Forthcoming challenges for the team include developing (or integrating) solutions for code integrity, endpoint authentication, application armouring, data tagging & information flow control, and process sandboxing. The security specialist would be expected to become the SME on the security solution and spearhead the team's work to apply/integrate it.

The Individual

The candidate must be a seasoned security expert with both specialist skills and a breadth of general security knowledge. The candidate should have experience in defensive security software development, producing vendor products, in-house defences or in research. They should be enthusiastic and have a genuine interest in both the attack and defence sides of application security.

Commercial or personal experience is required in security & cryptography topics that demonstrate security skills. Examples are:
  • Authentication technology
  • Transaction systems integrity
  • Reverse-engineering resistance / obfuscation
  • Securing distributed systems
  • Open source development security
  • Crypto libraries (e.g. openSSL, bouncycastle)
  • Public Key Infrastructure
  • Kerberos / Active Directory security
  • Malware analysis
  • Cryptocurrency
The candidate should have an appreciation of good software architecture and knowledge of platform internals: compilers, language VMs, operating systems, assembly code.

They must have the ability to develop software in an object-oriented language. Ideal candidates would have experience with modern software engineering practices, statically typed languages (Java/C#), and should have a working knowledge of Security Development Lifecycle (SDL) and security software assurance techniques.

Specialist security skills should be complemented with excellent academics - good A-level results combined with a 2.1 or better in computer science/software engineering. Excellent communication skills are also expected - the successful candidate will act as a conduit between the information security team and the other developer teams within the business.

Candidates from all commercial backgrounds are encouraged to apply. We are considering candidates with varying levels of experience.