Careers

Job Title & Location:

Senior Security Engineer - New York, NY

Job Description

Gotham Digital Science is looking for an experienced security engineer who has the skills and passion required for disassembling software, writing shellcode, and hacking embedded systems. We are looking for individuals who love the challenge of solving seemingly intractable problems and who think that “secure” is just a matter of perspective. As a Senior Security Engineer you will be expected to serve as a technical lead in our New York office performing the following types of tasks:

  • Reverse engineering, hardware hacking, and black-box style testing against embedded systems and device firmware
  • Security code review and black-box testing at the OS and application layers
  • Vulnerability discovery and working PoC exploit development to gain and expand access to systems and data

GDS provides a challenging and exciting work environment that offers a healthy combination of autonomy and senior level support. Our team publishes books and security blogs, contributes to open source software projects, and are engaged in a variety of continuous security research projects. If you enjoy performing deep technical work in a fun and casual atmosphere, contact us to find out more about joining our team.

Qualifications

The following qualifications are expected from potential applicants:

  • Experience in reverse engineering hardware, OS kernel or system library levels (WinAPI, POSIX)
  • Knowledge of architecture specific assembly languages (x86, x64, ARM)
  • Familiarity with R/E tools such as disassemblers and instruction-level debuggers
  • Good understanding of compilers and binary protections (ASLR, DEP, Stack Canaries)
  • Experience with penetration testing against a wide variety of application layer platforms, including web, mobile, and thick client
  • Familiarity with application layer assessment tools, such as local proxies and fuzzers
  • Excellent communication skills written and oral; able to concisely communicate security risks to both technical and business audiences

The following skills are not required from applicants but would be considered a plus:

  • Professional development experience in C/C++ at hardware, OS kernel or system library levels (WinAPI, POSIX)
  • Familiarity with intermediate runtimes environments (i.e. .NET, JVM, etc)
  • Strong grasp of cryptography fundamentals
  • Good understanding of most of the following concepts: boot loaders, file systems, networking and device drivers.
  • Produced public facing research and/or delivered presentations at well known industry security conferences on the topics of software security testing or reverse engineering