Cybersecurity R&D Software Engineer - remote

New Context Services
Posted 3 years ago
Stack Overflow

New Context is a rapidly growing consulting company in the heart of downtown San Francisco. 

We specialize in Lean Security: an approach that leads organizations to build better, safer software through hands-on technical and management consulting. We are a group of engineers who live and breathe Agile Infrastructure, Systems Automation, Cloud Orchestration, and Information &Application Security. 

This position is part of New Context’s security and services research team. When COVID-19 travel restrictions are removed, the position may be expected to travel up to 20% of the time for project meetings and industry conferences.

Description:

As a Cybersecurity R&D Software Engineer, you will provide hands-on technical and software development consulting to our energy sector clients. You will work with clients in operational technology to develop capabilities that support cybersecurity threat information, automated response to cyber events, maturation of standards such as STIX and OpenC2, machine learning, and other upcoming research projects. 

Many of our utility and energy sector contracts are funded by research grants which last 1 to 3 years. You will need to be comfortable with projects where much of the roadmap to success must be determined throughout the course of the contract. At the same time, you will need to draw on your industry experience to merge research deliverables in a manner that is congruent with how utility and energy sector organizations function. At the end of the day, you are responsible for delivering on the customer requirements.

Required Qualifications:

Must be a US Citizen 

Responsibilities:

  • Acting as a consultant to customers and industry partners to meet the goals of the contract or research grant.
  • Participating in developing new or analyzing existing processes for customers and industry partners.
  • Creation and maintenance of tooling to support research activities, development of Proof-of-Concept systems to demonstrate technologies and solutions for customer research efforts
  • Making security architecture recommendations to customers that will improve security programs and posture.
  • Supporting management in the development of project proposals and plans.

Who You Are:

  • Experienced software engineer with 4+ years hands-on experience in one or more of the following areas: cybersecurity threat analytics, operational technology, cybersecurity operations, sharing of threat intelligence, security incident handling and response.
  • Comfortable and adept at documentation, including: technical documentation, updates to project management reports, lessons learned, white papers, talking points and presentations.
  • An excellent communicator, experienced working with external clients and customers, and able to communicate productively with customers to explain technical aspects and project status.
  • Self starter who is able to work independently and as part of a team to meet deadlines.
  • Competent with a programming language such as Python, Ruby, Go, C.
  • Experienced with packet capture analysis and wire-level protocols
  • Familiar with various exploitation techniques and countermeasures
  • Familiar or comfortable with machine learning concepts

Bonus Points if You Are:

  • Experienced and knowledgeable of Structured Threat Information Expression (STIXTM) and Trusted Automated eXchange of Indicator Information (TAXIITM).
  • Experienced with using MITRE ATT&CK.
  • Experienced with IT and OT security, regulatory and compliance frameworks that may include: NERC CIP, ISO/IEC 27001, SOC2, NIST 800-53, NIST 800-171, IEEE 2030.5
  • Experienced or familiar with ICS protocols such as Modbus/TCP, DNP3, GOOSE, etc.
  • Formal IT Security/Network Certifications such as: CompTIA, SANS GIAC, ISC²
  • Familiar with: TCP/IP, firewalls, IPS/IDS systems, social engineering, intrusion detection, code auditing, forensic analysis.
  • Familiar with exploit development, vulnerability assessment and test development techniques.

We are committed to equal-employment principles, and we recognize the value of committed employees who feel they are being treated in an equitable and professional manner. We are passionate about finding ways to attract, develop and retain the talent and unique viewpoints needed to meet business objectives, and to recruit and employ highly qualified individuals representing the diverse communities in which we live, because we believe that this diversity results in conversations which stimulate new and innovative ideas.

Employment policies and decisions on employment and promotion are based on merit, qualifications, performance, and business needs. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.