Senior Product Security Engineer

Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, Malwarebytes has grown beyond malware remediation to ensuring cyberprotection for every one, providing device protection, privacy, and prevention solutions in the home, on-the-go, at work, or on campus. With threat hunters and innovators across the world, we want great people, like YOU, to join our team!        Malwarebytes is looking for...         A motivated and experienced security professional who is looking to take on the challenge of improving the security of products at a Security company. We’re looking for someone to join our small but growing security team and apply their experience with tools and technologies and identifying and addressing product security issues. We are looking for someone who has previously worked as an Application Security Engineer, is motivated to learn new products/tools and can work independently with little guidance.              What You’ll Do:       

• Assist in development of security processes and automated tooling that prevent classes of security issues 

• Perform and collaborate with external firms on security-focused code reviews 

• Support and consult with product and development teams in the area of application security, including threat modeling and design reviews 

• Assist teams in reproducing, triaging, and addressing application security vulnerabilities 

• Support the bug bounty program 

• Evangelize security and secure development practices 

       Skills You’ll Need to Have:       

• Ability to use GitHub and manage GitHub Actions 

• Development skills on Android/iOS platforms. Mobile apps (Kotlin, Swift) code reviews, static and dynamic analysis, and red teaming experience 

• One of:  
  • MacOS internals advanced knowledge. Experience in code review/security analysis of OSX applications (Objective-C, Swift) 
  • Windows internals advanced knowledge. Experience in code review/security analysis of Windows applications (C, C++, C#, kernel and usermode)  

• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner 

• Able to be adaptive and flexible in an entrepreneurial organization and solve problems quickly and collaboratively

• Must be a self-starter, able to work with limited supervision, both individually and with other teams 

• Development skills on Android/iOS platforms. Mobile apps (Kotlin, Swift) code reviews, static and dynamic analysis, and red teaming experience 

• Ability to work within and across teams 

• Ability to work in high-risk environments 

• Willingness to learn and grow 

Skills that are Nice to Have:

• Hands-on experience in cloud-based technologies (AWS, AZURE, GCP) 

• Thorough knowledge of digital forensics methodology as well as security architecture, system administration and networking 

• Certifications in any of the following: CISSP, CEH, GIAC Reverse Engineering Malware (GREM)