Posted at: 15 April
Lead Software Security Researcher
Company
Finite State
Finite State is a Columbus, Ohio-based B2B cybersecurity company specializing in connected device security, offering a comprehensive platform for vulnerability detection and risk management across various industries globally.
Remote Hiring Policy:
Finite State operates with a fully remote-first culture, hiring from various locations to support a distributed workforce. Team members collaborate across time zones, ensuring flexibility and inclusivity in the hiring process.
Job Type
Full-time
Allowed Applicant Locations
Canada, United Kingdom
Job Description
Role summary
Finite State is looking for a Lead Security Researcher. In this role you will work on the Software Testing Pipeline team to develop, maintain, and expand Finite State security analysis. You will collaborate with other engineering teams and lead projects extending the reach and accuracy of our software analysis tools, and develop unique solutions to problems that have never been solved before. Our tools analyze compiled binaries (focusing on embedded devices), as well as source code and other artifacts.
You must be based in and authorized to work in Canada, the UK, or the EU.
As a Lead Security Researcher, you will:
Lead projects to develop proofs of concept and implement new static analysis methods for the Finite State Software Testing Pipeline
Lead efforts to identify & prioritize security risks (CVEs; CWEs; network, device, and configuration issues; key and credential analysis; etc.). You will build tools (or leverage existing tools) to identify these risks in binary software.
Develop techniques for software composition analysis focused on binary analysis for both statically and dynamically compiled software.
Gain familiarity with all parts of the analysis pipeline to effectively contribute as needed in all analysis domains
Be responsible for pragmatic technical decision-making to ensure we're delivering high quality software on a reasonable schedule
Uphold our core values of transparency, results, accountability, customer dedication, and courage
Champion our mission to protect our connected world
What we’re looking for:
A motivated contributor willing to dive in to solve a wide array of difficult and novel problems
Proven experience working in security research or software analysis
Experience in implementing and utilizing static-analysis and dynamic-analysis tools.
Experience with disassemblers and other reverse-engineering tools, for example Ghidra, IDA Pro, binwalk, etc.
Understanding of common vulnerability & software weakness classes
Programming skills in Python, and an affinity for automated testing
Experience working on small, fast-paced teams
Strong communication and collaboration skills
It’s a plus if you also have:
Data science, machine learning, and LLM skills
Experience working with or analyzing real time operating systems (RTOS)
Experience with AWS or similar cloud platform environments
A growth mindset and the ability to mentor and advise engineers across the department
What’s in it for you:
Competitive salary with stock option grant
Fully covered medical, dental, vision
Unlimited PTO & outstanding parental leave
WFH stipend
Short and long-term disability coverage
Life insurance
Finite State’s Tech Stack
Kubernetes, Helm, Terraform
AWS EKS, RDS, S3
Python, Java
Apache Airflow
PostgreSQL, Redis, ArangoDB
Ghidra, Joern
Replicated (supporting our on-premise offering)
GitHub Actions, ArgoCD
Prometheus, Grafana, Honeycomb
Cursor, Devin, GitHub Copilot, etc.