Principal Software Engineer

Job Description

Your Impact Fortify offers a comprehensive portfolio of application security solutions with the flexibility of testing on-premise and on-demand to cover the entire software development lifecycle. Over 80% of security breaches exploit application vulnerabilities, and at Fortify, you will be at the forefront of one of the fastest-growing segments in the security market. Fortify Static Code Analyzer: https://software.microfocus.com/en-us/products/static-code-analysis-sast/overview Join our experts and help us expand our security team! A typical day in your life in this role What the role offers: Design and implement static analysis algorithms based on recent relevant computer science research and literature. Develop new analysis features and add support for new languages and language features. Apply recent research developments from computer science literature where we can benefit from upgrading our algorithms and program representations. Write specifications for features as they are implemented. Analyse the quality of security finding results and product performance characteristics. Maintain the Fortify Static Code Analyzer code base using good software engineering practices. Collaborate with a project team of other software engineers, security researchers, and quality engineers, to develop reliable, cost-effective, and high-quality solutions. Education and Experience Required What you need to Succeed: Master's degree or Ph.D. (preferred) in Computer Science or equivalent, with emphasis on programming languages, static program analysis, compilers, or software security. 12+ years of solid enterprise Java backend engineering skills Excellent written and verbal communication skills; Ability to effectively communicate design proposals and specifications. Qualified candidates have prior expertise in or knowledge of one or more of the following areas: Background in knowledge of compiler internals, static code analysis algorithms (abstract interpretation, dataflow, higher order analysis, buffer analysis, shape analysis, separation logic, context-insensitive incremental analysis). Background in Compiler construction (frontends, IR, type inference, program transformations) in one or more programming languages Background in the software security domain Desirable skills: Programming skills in additional coding languages and frameworks and desire to learn new programming languages Compiler tools (LLVM, MLIR, Rust HIR/MIR, Eclipse JDT, etc.) Experience with software systems running on multiple platform types. Strong analytical and problem-solving skills. Familiarity with agile development methodologies One last thing: You are persistent and inquisitive. You have to understand why things are happening the way they are. You are determined to understand cyber attack techniques at a very detailed level. You are a self-starter who is able to work with minimal management, however have strong collaboration and interpersonal skills to work together with several other professionals from other information security fields. Youre a creative thinker who wants to answer the question, Why? Your workstation is a pyramid of monitors that you can't take your eyes off of at the risk of missing something.