To address the scale needed by the rapid pace of software growth, companies need security tools that are automated and don’t require lengthy manual analysis to sift out false positives. Our focus at ForAllSecure is to build the next-generation of security products that change how companies develop, test and deploy software.
Our tool Mayhem, a fully autonomous cybersecurity system, was built utilizing over 12 years of research out of Carnegie Mellon and developed by a team of some of the best hackers in the world. In 2016, DARPA hosted the Cyber Grand Challenge, the world’s first all-machine hacking tournament, in which Mayhem competed and took first place against industry and academia’s best challengers. Since then, we have been bringing this product to market. The Mayhem solution makes software validation testing radically simpler with a powerful combination of intelligent fuzzing, symbolic execution, and checking of static security indicators.
Currently Mayhem has found vulnerabilities in several open source projects, components in aircraft systems, and critical flaws in embedded devices. This is only the beginning as we plan to have Mayhem bring automation, usability and scalability to today’s software security problem.
As a Senior Windows Engineer, you will be responsible for our initial build-out of Windows support for Mayhem. Our solution is currently Linux based. Mayhem performs dynamic analysis and as such needs to be able to automatically launch a windows program thousands of times, and perform dynamic analysis of each run. We’re looking for an engineer that brings the experience to design and build the initial MVP to help solve this problem.
- BS degree in Computer Science or related technical field, or equivalent practical experience.
- Legally Authorized to work in the US
- 6 years experience developing C/C++ on Windows in a role that required understanding Windows internals.
- Familiarity with Fuzzing and/or dynamic analysis
- C/C++/OCaml/Python for development
- Binary analysis, fuzzing and symbolic execution for dynamic analysis security tool portfolio.
- Python, Flask, Postgres, Nginx, S3, React/Redux for our infrastructure.
- Container technologies including Docker, Kubernetes for infrastructure packaging and deployment
- Cloud Services including AWS and GCE
ForAllSecure is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: ForAllSecure is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at ForAllSecure are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. ForAllSecure will not tolerate discrimination or harassment based on any of these characteristics. ForAllSecure encourages applicants of all ages. ForAllSecure will provide reasonable accommodation to employees who have protected disabilities consistent with local law.