Trustwave is a leading provider of compliance, Web, application, network and data security solutions delivered through the cloud, managed security services, software and appliances. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its TrustKeeper® portal and other proprietary security solutions. Trustwave has helped hundreds of thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices worldwide.

Security Researcher (Architecture) - Vulnerability Assessment Team (VAT) The Security Researcher (Architecture) will be a key team member of the vulnerability assessment team whose focus will be tracking new vulnerabilities for our scanning platforms, identifying how those vulnerabilities are exploited and writing code that detects the presence of or exploits those vulnerabilities. This team member will also be responsible for much of the design components and architectural guidance in evolving key features the vulnerability scanning service. The Security Researcher brings a wealth of experience in network and application protocols, penetration testing and exploit development. Using this experience a successful candidate will join the SpiderLabs VAT team and extend the security research and detection capabilities of scanning technologies that support Trustwave’s vulnerability scanning and penetration testing services.

Responsibilities:

• Write vulnerability checks for our vulnerability scanning technology
• Create service and application fingerprints
• Implement network protocols
• Maintain the vulnerability scan engine and extending its feature set
• Participate in peer code reviews

 

Requirements:

• Windows and Linux/Unix expertise
• Experience with development in high-level languages like Ruby, Python, Java or C#
• Experience in developing robust and scalable backend services
• Experience with data modeling for large and complex data structures
• Familiarity with vulnerability information formats and jargon (CVE, CVSS)
• Strong knowledge and experience with TCP/IP networking and packet-level analysis.
• Ability to work under tight deadlines with creativity
• Self-motivated, independent and able to understand complex systems
• Must possess strong written and verbal communication skills
• Preferred to be located within the Chicago-land area, though we will consider remote candidates

Additional Plus Competencies:

• Experience with analyzing C/C++, Java, PHP, and other languages are a plus
• Experience with writing vulnerability checks or exploits for systems like Nmap NSE, Nessus, Nexpose, or Metasploit.
• Experience with Open Vulnerability and Assessment Language (OVAL)
• Experience with object-oriented programming concepts and techniques
• Experience researching, reversing, and implementing both open and proprietary network application protocols.
• Experience with vulnerability discovery and disclosure, as well as proof-of-concept exploit development
• Experience with source code management tools such as git or Subversion.
• Experience and/or willingness to present at security conferences like DEFCON, BlackHat, etc.
• Experience and/or willingness to write technical blog posts (See http://blog.spiderlabs.com/)

Education:

We prefer college-educated applicants, but at minimum, high school diploma or equivalent is required for employment.

Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.

To All Agencies:

Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.