Static Analysis Engineer
(Configuration / Release Engineer 2-4)
The Static Analysis Engineer will join the Static Analysis Security Testing (SAST) team within the WhiteHat Security Threat Research Center (TRC) to assist customers in configuring their application source code scanning and to monitor the health of their ongoing scans. The engineer will work with multiple customer organizations on hundreds of applications, in a variety of languages, frameworks, and development methodologies, to provide world-class static analysis services.
What we’re looking for:
- Intermediate to expert level knowledge of Linux system administration:
  - Command line tools such as tcptraceroute, dig, curl, ping, ssh, scp, sftp, etc.
  - Log Analysis
  - Networking (DNS, Firewalls, Proxies)
- Intermediate to expert level knowledge of application development toolchains:
  - Package Management: Maven, Gradle, NuGet, NPM, Bower, Yarn, Composer, etc.
  - Platforms: Mono, .NET/.NET Core, JVM, V8, iOS, Android
  - CI/CD: Jenkins, Travis, VSTS, Bamboo
  - Transpilers: Webpack, Babel, TypeScript
  - Testing: Common frameworks and conventions for unit and functional testing (Selenium, Karma, JUnit, Jasmine, Mockito, Faker, etc.)
- Intermediate to expert knowledge of one or more of the following languages: Java, C#, PHP, Objective C, TypeScript, and Python
What you'll be doing:
- Configure WhiteHat’s static code analysis engine to check out and scan customer code thoroughly and efficiently.
- Assist customers in achieving ideal scan configuration by reviewing scan metadata, project structure, and customer feedback to make scan configuration recommendations and changes.
- Offline and live troubleshooting for and with customers.
- Monitoring scheduled scans to make sure they complete on schedule and triaging scan failures.
- Collaborating with Technical Support to prioritize bugs and enhancements for engineering
- Provide feedback to engineering on needed technology support and configuration options
What we value:
- Quickly learn new languages, frameworks, and security controls through self-study
- Effective communication with team members and customers
- Detail-oriented problem solving
- Understanding of SAST concepts
- Bachelor’s degree in computer science, related discipline, or equivalent experience
- Understanding of the basic concepts of programming (object-oriented, functional patterns, etc.)
- Passion for the advancement of web security
- Familiarity with the OWASP Top 10