Security Researcher (Database Security)

About Trustwave

Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. We uncover threats that others can’t and respond quicker than others can to protect against the devastating impacts of cyberattacks. We’re a world-class team of cyber consultants, threat hunters and researchers serving clients in 96 countries. At Trustwave, you can learn alongside the best, make a personal impact on a global scale, and solve new challenges every day. Learn more about us at https://www.trustwave.com.

Security Research Engineer – Database Security. The role is open to remote (Philippines based).

We are currently looking for a talented, highly motivated Security Research Engineer for our Database Security Research Team. The position will be a key team member of the team whose focus is to research and develop database vulnerability and security configuration detections for our DbProtect and AppDetective Pro database products.

Responsibilities:

• Conduct security research on relational as well as no-sql database applications
• Research and implement detections for our database security scanning platform
• Participate in peer code reviews
• Author knowledgebase descriptions for our detections and maintain related meta data
• Share your research with the community via blogs, etc.
• Improve our team's processes and efficiency with your ideas
• Improve our Test Lab infrastructure
• Develop tools to assist with our SDLC

Requirements:

• Expertise in the software security field
• Experience in vulnerabilities research
• Experience writing vulnerability detection and software configuration signatures
• Programming skills in languages like: Python, Java, or C#
• Database skills: SQL and administration skills for at least one major database e.g. Oracle, MSSQL, IBM DB2, Sybase, PostgreSQL or MySQL
• Ability to work under tight deadlines with creativity
• Self-motivated, independent and able to quickly assess and understand complex systems
• Be a team player
• Must possess strong written and verbal communication skills
• Experience with AWS, Azure or other cloud platforms
• Experience with installing/deploying databases inside Unix/Windows platforms

Additional Plus Competencies:

• Advanced Linux / Unix knowledge
• Experience with regular expressions
• Familiarity with compliance regulations and standard frameworks like DISA-STIG, CIS, etc.
• Experience with vulnerability discovery and disclosure, as well as proof-of-concept exploit development
• Experience with source code management tools such as git or Subversion.
• Experience and/or willingness to present at security conferences like DEFCON, BlackHat, etc.
• Experience and/or willingness to write technical blog posts (See https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/)
• Experience with CI/CD environments
• Experience with Terraform or other infrastructure as code frameworks

Education:

• A high school diploma or equivalent is required; a college or university degree is a plus.

This is a remote opportunity open to anyone legally authorized to work in the Philippines. Guided by our flexible workplace philosophy, Moments That Matter, people gather in the office when in-person interaction is most impactful; full-time remote employees may be asked to travel occasionally based on the needs of the team and the business.

Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities

To All Agencies:

Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.