Austin, Texas, United States
What a security engineer does Performs security code reviews. Develops and maintains application security automation tools for the team and the rest of Atlassian. Helps product engineers in fixing security vulnerabilities. Presents and explains their and the team's ideas to a range of stakeholders and process their feedback. Participates in design reviews and threat modelling. Writes code to support new security features in products.
• Provided Cybersecurity support and guidance for a major US Air Force program. • Led a small team in designing a suite of tests to enable automated vulnerability discovery in program-related software. Utilized existing fuzz testing frameworks (Peach, Radamsa, AFL) and developed custom monitoring and recording tools using Java, C++ and Python. Also developed a tool set to automatically reverse-engineer aspects of a proprietary network protocol to make our fuzz testing more effective. • Presented recommendations to the program sponsor on how to reduce security risks to the program, including both technical advice and long-term program planning. • Developed prototype technologies to secure the network protocols used by the standard and demonstrated the prototypes on simulated aircraft networks. Both solutions used minimal resources by incorporating a streamlined cryptographic library developed by our group. • Provided guidance and technical advice in developing a new interoperability standard. Topics investigated included the security capabilities of different data transfer protocols (NFS, FTP, HTTP, etc.), proper use of cryptographic primitives, vulnerabilities related to parsing data, and common network and transport level attacks.
- Helped analyze vulnerability and configuration scans on the agency’s accounting system, HIGLAS, using scanning tools from Tripwire and nCircle. - Created a database application to track HIGLAS auditing and assist with continuous monitoring requirements. - Researched agency and federal requirements for continuous monitoring as required by FISMA, and presented a summary of current department compliance to management. - Ran user test cases for the development instance of HIGLAS, found and reported bugs to the development team.