Job Description

Worker Sub-Type: Regular

:

Do you want to work for a company where security is the #1 priority? Come join us!

Today, BlackBerry is a transformed company. We're no longer about the smartphone, what we once did for smartphones is what we're now doing for Enterprise of Things (EoT) - envisioning, enabling and securing new forms of communication that are connecting the business world in extraordinary new ways. We have the most complete and advanced end-to-end solutions to enable EoT, and our ideas lead the way in the hottest markets like cybersecurity, SaaS, neural networks and autonomous vehicles. We operate around the principal that security should be integrated throughout all stages of the development process and not left as an afterthought. Security is the heart of what we do.

Are you the person we're looking for?

BlackBerry Jarvis is part of a platform for automating the process of assessing the overall end-to-end security and craftsmanship in automotive software and beyond. Working with our patented technology you will work directly with our automotive customers through all stages of the SDLC to ensure their software is secure and reliable. You will also contribute and expand the Jarvis technology and wider platform according to customer needs and continuous improvement efforts.

Ideally you will have experience in writing code to detect or exploit security vulnerabilities, with a passion for learning and breaking new technologies as we strive to create the most secure products on the market. In return for your talent and enthusiasm, we will provide you with a host of exciting challenges to work on, excellent technical resources and tools, and the opportunity to work alongside and be a part of our world class security teams.

In the role, you will:

• Contribute to the development of the Jarvis SCA and SAST technology
• Design and implement automated tools for security related data processing
• Reverse engineer binary files to determine file formats, and understand disassembly
• Support research into current and emerging threats to embedded systems
• Research and evaluate the state of the art within the security research community
• Document, present, and create training material as needed to support field application engineers and customers
• Undertake continual skills and knowledge development by attending security conferences and participating in professional training
• Patent novel methods related to security research where applicable

Ideally, you will have:

• Skills & Credentials

• Degree in Computer Science or Engineering
• Strong system level C/C++ and Python programming and debugging experience
• Ability to analyze code behavior down to assembly level language
• Deep understanding of common classes of product security vulnerabilities and attack/defense methodologies deeply
• Knowledge of application security configuration and best practices
• Good architectural and security knowledge of two or more of the following areas:

• C/C++ development, compiler and linker functions and memory management and protection
• Security weaknesses inherent in embedded software systems
• Distributed systems and internet services including web services and REST
• IoT and embedded devices, including services and supporting backends
• Cloud architecture and Web applications
• PKI and cryptography
• Good understanding of standard security vulnerabilities, their standard fixes and mitigations
• Knowledge of less common security vulnerabilities in specific technologies or areas.
• Ability to identify security issues at some stages of the SDLC from architecture / design through to implementation and work collaboratively with engineering on a range of solutions for issues found.
• Ability to develop tools to analyze systems and find security vulnerabilities
• Ability brainstorm, research, design, and implement extensions, improvements, or alternatives to a base concept with minimal support, getting the job done
• Experience working with secure coding methodology and best practices and their implementation within engineering teams.
• Strong programming/debugging skills with at least two programming languages from the following:

• C/C++
• Objective C
• Java
• JavaScript
• Assembler (x86, ARM)
• Able to work collaboratively with minimal supervision as part of a multi-disciplinary team
• Knowledge of software within safety critical systems, such as automotive is highly advantageous
• Excellent written and verbal communication skills including the ability to convey highly technical information to non-technical audiences.
• Comfort with travel to customer premises in a consulting capacity

Interested to learn more? We'd love to hear from you!

#LI-TT1

Scheduled Weekly Hours: 40