Product Security Engineer

About

The Product Security Incident Response Team is looking for a Product Security Engineer, to handle Product Security related incidents, and to perform vulnerability research on Fortinet products.

Duties

• Find and report unknown vulnerabilities in Fortinet products via black box analysis, fuzzing, and source code auditing, both manual and via appropriate tooling.
• Contribute to the elaboration and execution of the automation and tooling strategy of Fortinet Product Security and QA, in order to prevent and detect vulnerabilities early in the source code.
• Triage incidents, answer questions they may raise, test for vulnerabilities they may signal, investigate source code and create (then follow up on) Incidents on the Incident Management System when necessary. Escalate to senior analyst when incident falls out of the field of competence/knowledge.

Skills

• Good understanding of Fortinet products line-up, solid security background, in-depth understanding of asymmetric cryptography, scripting knowledge, high proficiency in C language, must be detail oriented and able to follow processes thoroughly.
• Good understanding of vulnerabilities at source-code level required. Experience in Dynamic Application Security Testing tools e.g. Nessus, Retina, Nexpose, Burp, Qualys, CoreImpact is a plus, as well as experience in pentesting methodologies and/or fuzzing tools.
• Clear and respectful communication, strong reliability, and consistent demonstration of ethical integrity across all aspects of the work.

Education

• BS in Computer Science or equivalent.
• MS in Computer science preferred