Software Security Engineer, Manila

Manila, PH

Job Description / Skills Required

GoPro is looking for an Software Security Engineer to join the Information Security team working to help protect GoPro’s Software products. You'll be working with other developers and security engineers to create new security features, review the security of other people's code, and help find and fix security bugs before they're exploited. You will be joining a team responsible for ensuring the security and integrity of applications written in Python, Rails, Node.js, Go, C++ among others. This position is located in the GoPro BGC Manila office.

What You Will Do

Web, mobile and IoT penetration testing
Thick client application penetration testing
NetworkWi-FiBluetooth penetration testing to include vulnerability exploitation and pivoting to gain remote system access
Application source code review
Engage other departments by demonstrating results
Work with development teams to ensure they are provided assessment results in a formal which best suits their needs
Interface with development teams to ensure the remediation of identified vulnerabilities is handled in a timely manner
Work with leadership and core teams to help identify and assist in balancing scope, time and costs
Secure Development Lifecycle advisory
Vulnerability research and exploit development in GoPro software

Skills We’re Stoked About

BA/BS in Computer Science or equivalent practical experience
2-4 years of experience with network/infrastructure penetration testing
2 years of relevant work experience, including: code auditing, fuzzing, black-box analysis
Security source code review experience in C/C++, C#, Node, GoLang, Ruby and Java
Experience with threat modeling and security design review methodologies
A strong understanding of Unix, Windows and network security skills
Ability to work both independently and perform as a leader in a team environment
Excellent interpersonal, organizational and communication skills; able to concisely communicate security risks to both technical and business audiences
Development experience as part of an enterprise development team
Software development experience in C, C++
Experience developing custom scripts or tools used for vulnerability scanning and identification
Strong grasp of cryptography fundamentals
Produced public facing research and/or delivered presentations at security conferences
The ability to demonstrate significant depth of understanding in one or more security fields (memory corruption, Linux system security, operating system kernel security, etc.)