Fortinet (NASDAQ: FTNT) protects the most valuable assets of some of the largest enterprise, service provider and government organizations across the globe. The company's fast, secure and global cyber security solutions provide broad, high-performance protection against dynamic security threats while simplifying the IT infrastructure. They are strengthened by the industry's highest level of threat research, intelligence and analytics. Unlike pure-play network security providers, Fortinet can solve organizations' most important security challenges, whether in networked, application or mobile environments - be it virtualized/cloud or physical. More than 210,000 customers worldwide, including some of the largest and most complex organizations, trust Fortinet to protect their brands. Learn more at http://www.fortinet.com , the Fortinet Blog or FortiGuard Labs .
Fortinet's Product Security team is looking for an engineer with a strong security and networking background to validate or discover vulnerabilities affecting Fortinet products, and infuse a security-oriented culture to surrounding teams.
The position is based in Burnaby, B.C. TITLE:
Product Security and Incident Response EngineerJOB DESCRIPTION:
n•Handle security incidents on Fortinet Products:n•Analyze, replicate and assess the severity of potential security issues affecting Fortinet products.n•Advise R&D teams on remediation options.n•Discover potential vulnerabilities affecting Fortinet products, via scanning, fuzzing, code analysis, and penetration testing methods.n•Create technical documentation and bulletins to improve internal and external knowledge base.n•Help conveying a security culture to R&D teams via security-oriented events (Catch the Flag, Workshops, etc...)n•Develop in-house tools to automate or/and improve some aspects of Incident Response and vulnerability DiscoveryJob Experience Required:
n•Excellent understanding of security and vulnerabilities conceptsn•Strong interest in the security community and familiar with security oriented e-zines or mailing-lists, such as bugtraq or Phrackn•Strong knowledge of data networking protocols, specifically TCP/IP, routing and switchingn•Good knowledge of the SSL/TLS protocol a big advantagen•Good understanding of cryptography concepts (public/private key cryptography, certificates, etc...) Background of penetration testing is highly preferredn•Good knowledge of Web application conceptsn•Experience in reverse engineering of security threatsn•Previous experience in one or more of the language: C/C++, Python, Perl, Rubyn•Administrator level working knowledge of Windows, Linux or Unix skills an advantagen•SQL knowledge an advantagen•Good communication skills, oral & written Educational Requirement:
n•Bachelor or Master degree in Comp. Science, Engineering or other relevant technical field, or equivalent combination of work experience and education