Lead Product Security Engineer

Cloud Software Group combines the capabilities of both Citrix and TIBCO, creating one of the world’s largest cloud software providers, serving more than 100 million users around the globe. When you join Cloud Software Group, you are making a difference for real people, each of whom count on our suite of cloud solutions to get work done – from anywhere. Members of our team will tell you that we value diverse lived experiences, varied perspectives, and having the courage to take risks.  Our teams are encouraged to learn, dream, and build the future of work. We are on the brink of another Cambrian leap - a moment of immense evolution and growth. And we need your expertise and experience to do it. Now is the perfect time to move your skills to the cloud.

• →You will be responsible for leading and executing the Secure Software Development Lifecycle (SSDLC) for Cloud Software Group On-Prem and Cloud products to ensure that our software meets the customer expectation of security robustness.
• →You will guide product development teams on design changes as per security requirements.
• →Manual Source Code Review on C and C++
• →Crash Exploitability Analysis - Analyze crashes to find Security Vulnerabilities using tools such as GDB (Good to have)
• →Execute the penetration tests internally to identify security vulnerabilities.

• 8+ years of experience in a software security role such as blue team.
• You are an expert in at least one of these areas in security Unix System, Network, Cryptography
• Strong C, C++ skills
• Linux - Strong Linux knowledge (low level preferred).
• Good knowledge of Networking (TCP/IP) and other protocols like HTTP/S, DNS, etc.
• Basic understanding of File system concepts.
• Experience with object-oriented design concepts.
• Debugging Skills like GDB, core dump analysis.
• Understanding Makefile concepts.
• Extensive knowledge of common vulnerabilities - able to explain and remediate the OWASP Top 10 vulnerabilities across multiple programming languages
• Deep understanding of application architecture and design principles
• Experience in design review and threat modelling activities
• You are capable of writing exploits for vulnerabilities identified in those respective areas.
• Have excellent capabilities to identify security vulnerabilities and perform root cause analysis.

• Reverse Engineering (Good to have)
• Fuzzing using tools such as AFL, Peach (Good to have)
• Coverity Source Code Analysis (Good to have)
• Good to have certifications such as OSCP, OSCE, GPEN, CRTP etc.

• Requires a Full-time degree in Engineering (Preferably Computer Science related field)