Threat ResearcherDate posted06/27/2018LocationRoseville, California Who You Are As a Security Engineer/Threat Researcher you will be part of Aruba Threat Labs, an internal product security group focused on researching and improving the security of Arubas products, the companys secure development practices, and the companys vulnerability disclosure processes. Reporting to the Chief Technologist for Security in the Office of the CTO, the security engineer/threat researcher will have responsibility across Arubas entire product portfolio including LAN switching, Wi-Fi, Network Access Control, cloud, and security monitoring solutions. This is a new team with an evolving and growing mandate, so you'll be charting your own course to a great degree. What youll do -Conduct security-focused reviews of Aruba product source and object code -Conduct security-related testing of Aruba products using the mindset of a malicious attacker -Develop or integrate new software tools to support vulnerability tracking and disclosure to customers -Work with Arubas bug bounty program, partnering with product engineering teams to ensure correct reporting and response to vulnerability submissions -Write vulnerability disclosure bulletins for publication -Become a subject-matter expert on secure development practices relevant to Aruba technologies, while evangelizing those practices to product engineering teams -Conduct original security research on non-Aruba products and technologies, to include publishing papers and speaking at security conferences -Positively represent Aruba in the security community by balancing the goals of security researchers with the needs of Arubas customers Desired Experience Security is a rapidly evolving space, made up of numerous different technologies, and no single person is expected to possess every characteristic on this list. A curious mind, an ability to think about the rules and how to break them, and a willingness to learn are the most important traits we look for. If you have some of the following and are willing to learn more of them, we want to hear from you. -B.S. in software engineering, computer science, information assurance/IT security, or a related field, or equivalent experience -2-6 years experience in software engineering, security consulting, penetration testing, or a related area -Our products are written in a number of different programming languages, but predominately C, Python, PHP, Go, Java, and shell scripting. The ability to read and understand source code is more important than the ability to create new source code. -Security certifications such as CISSP, GIAC, CEH, and OSCP or willingness to obtain them (we pay for training!) -Basic knowledge of attack techniques such as buffer overflows, XSS, XXE, CSRF, SQL injection. -Basic knowledge of cryptography and security protocols such as TLS and IPsec. -Networking knowledge is a plus -Ability to work unsupervised with a geographically distributed team. -US Citizenship is required Benefits youll enjoy: At Aruba, a Hewlett Packard Enterprise Company, we offer an exciting and fun work culture, driving innovation, collaboration, and growth. We place our customers first, deliver some of the most innovative technologies to the market, and have fun doing it all! Come join our team and be part of an exciting organization poised for success! Thanks for taking the time to review our job, if you think it is a match to your experience and interests please apply today we are eager to learn more about you! We have dozens of openings, so encourage your friends to apply as well! *LI-RF1