Software Development Engineer in Test

Job Description

The security team at Cohesity is on a mission to help organizations around the world protect their data and stay ahead of evolving cyber threats. Our mission is to help organizations around the world to safeguard their data and bounce back fast from ransomware attacks. In this role, you will be responsible for identifying vulnerabilities through code analysis and reverse engineering, and documenting your findings with detailed reports, including proof of concept (PoC) and actionable recommendations. You will also provide suggestions to strengthen the overall security posture of the target systems. Staying up to date with the latest cybersecurity trends, emerging threats, and technologies is essential, as you will contribute implementation plans to enhance the security of our product. HOW you'll SPEND YOUR TIME HERE You should be able to penetrate the applications, network, systems and have a diverse understanding of the current state of security, use best practices and be familiar with the vulnerability research process that includes foot printing, scanning, enumeration, systems hacking, escalation of privilege, and the tools that are deployed in each phase of the process. You must be able to understand product architecture and identify attack vectors which could include standard as we'll as proprietary protocols and use methodologies like OWASP, SANS, NIST. You should be able to find 0-Day vulnerability with code analysis or reverse engineer and create a report with the appropriate recommendations / POC of the identified vulnerabilities. You should be able to do threat modelling of a feature and perform its validations. Additionally, you should have strong written communication skills to document and categorize the threat level of discovered vulnerabilities and make suggestions about how to improve the targets security posture. You should have a strong understanding of technical domains like (Applications, Platforms, Networking, etc) as we'll as human interaction domains (eg, Social Engineering), as we'll as an awareness about current laws that may affect the way in which the analysis is conducted. You should know modern authentication protocols and have a background of cyber security. You should be we'll versed in cloud computing technologies and have knowledge of Windows, Linux, Unix internals. Should have in depth understanding of network security: TCP/IP, DNS, proxies, firewall configuration, intrusion detection and prevention systems, IPSec and TLS/SSL. Experience with cryptography including symmetric and asymmetric cryptography, hashing and should be able to simulate Ransomware attacks and provide suggestions to defend them. Experience with tools for conducting enumeration of target environment and configuration and penetrate by tools used for system hacking (eg, password cracking), malware creation/deployment, network traffic sniffing, session hijacking, denial of service and SQL injection. Experience in developing payloads using applications or scripts (C++,Python, Shell etc) we'd LOVE TO TALK TO YOU IF YOU HAVE MANY OF THE FOLLOWING Preferred Certifications: Certified Information Systems Security Professional (CISSP) | Certified Ethical Hacker (CEH) | EC-Council certified Security Analyst (ECSA) | Offensive Security Certified Professional (OSCP) | Licensed Penetration Tester (LPT) Minimum 5-7 years of experience in the Security Domain Excellent communication skills and great collaboration Familiarity with frameworks like NIST, MITRE ATT&CK, and CIS Controls Good to have experience with SIEM, IDS/IPS, endpoint protection, and other security tools. Knowledge of scripting (Python, Bash) or automation tools for security operations