The opportunity:
We are seeking exceptional candidates for our Analysis Engineering team to work on and enhance the analysis engine behind Mayhem, the core of our product responsible for discovering bugs and security vulnerabilities. Currently Mayhem has found vulnerabilities in open source projects, components in aircraft and automotive systems, and well-known embedded devices. This is only the beginning as we are providing Mayhem to bring automation, usability, and scalability to today’s software security problems.
At ForAllSecure you will join a talented, ambitious engineering team that is creating truly novel technologies and products that will impact the way people see themselves and the world. If you are someone who has a passion for writing the future of software security, this is the place for you!
What you will do:
- Work on cutting-edge technology built to find vulnerabilities and shorten the cycle of identifying and fixing software flaws
- Collaborate with teammates both local and remote, through pull requests, in-person conversations, Slack, etc.
- Develop new features, fix interesting bugs, write tests, and review your teammates’ code
- Collaborate with support engineers and customers to improve the security and quality of software in their ecosystem
- Build expertise and responsibility for specific components of the Mayhem ecosystem
You are someone who:
- Demonstrates a passion for building innovative and easy-to-use tools for finding bugs, improving code quality and security, and enhancing the debugging experience
- Has strong computer science fundamentals demonstrated through a Bachelor’s, Master’s, or PhD degree in computer science or related discipline
- Has experience with systems-level programming in Linux
- Is proficient in Rust, Python, and/or C/C++ development
- Has knowledge of common compiler concepts: types, code generation, register allocation, stack frames, inlining, and control flow graphs
- Has knowledge of binary execution formats, assembly, linkers and loaders
- Has knowledge of operating system concepts (memory management, process lifecycle, I/O, etc.)
- Has a background in vulnerability research or reverse engineering (preferred)
- Has prior experience with technologies in program analysis like fuzzing and symbolic execution (preferred)
- Is familiar with modern exploitation techniques and mitigations/counter-measures (preferred)
- Is experienced with run-time analysis tools (such as Valgrind or LLVM sanitizers) (preferred)
- Has knowledge of OCaml, Haskell or other functional programming languages (preferred)
- Is familiar with containerization technology (Docker/OCI) (preferred)
Who we are:
Our hunger for success drives our actions. We have respect for all, respect that people will have different opinions, and strive to mitigate unconscious bias. We commit to being responsible, transparent, and accountable in our actions to our customers and each other. We have a growth mindset, believe challenges can be opportunities, and ask what we can do 10% better each time.
We believe in a world where autonomous application security allows us to move faster and beat attackers. We do not believe the status quo is working, as companies are developing software much faster than they can manually secure it. We developed an autonomous appsec AI engine called Mayhem, which automatically tests and finds new zero-day exploitable vulnerabilities before attackers. Mayhem was battle tested in and won the DARPA (Defense Advanced Research Projects Agency) Cyber Grand Challenge, and exhibited at the US Smithsonian Museum. ForAllSecure is bringing Mayhem to the world as an enterprise sales technology.
ForAllSecure’s customers include Roblox, Cloudflare, Motional, and US CyberCommand, where applications range from securing online platforms used by millions to critical mission safety systems. Fortune 1000 companies in aerospace, automotive, and high-tech partner with ForAllSecure for scalable, advanced security testing that keeps pace with increasing development speeds and deployment frequencies. Other awards include the 2021 SINET 16, 2021 Global Infosec Award, and the MIT Technology Review as one of the 50 Smartest Companies. We are backed by NEA and KDI, having just raised our Series B funding.
EEOC Statement
ForAllSecure is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. We commit to living by our core values of hunger, respect, accountability and growth mindset. All employment decisions are based on business needs, job requirements and individual qualifications, without regard to veteran status, service-member status, race, color, religion, sex, sexual orientation, gender identity, age, pregnancy (including childbirth, lactation and related medical conditions), national origin or ancestry, citizenship status, physical or mental disability, genetic information (including testing and characteristics), or any other status protected by the federal, state, or local laws. ForAllSecure's commitment to equal opportunity employment applies to all persons involved in our operations and we prohibit unlawful discrimination by any employee.
This policy applies to all terms and conditions of employment, including recruiting, hiring, promotion, termination, leaves of absence, compensation and training.
E-Verify Employer (Applicants in the USA)
ForAllSecure participates in E-Verify. For more information on E-Verify please click the links below:
- E-Verify for Employees
- This Employer Participates in E-Verify
- Right to Work
What We Do
Mayhem is a developer-first application and API security testing solution. Built by professional hackers for developers, it automatically generates and runs thousands of tests per minute to identify defects in your code. Self-learning algorithms continually expand test coverage, and dynamically test parts of your code often missed by static analysis. False positives are avoided by automated triage and reproduction. Every result is actionable, reproducible, and prioritized for you. Regression testing ensures that your fixes stay fixed. Mayhem easily integrates into your build pipeline and runs continuously in the background. So go ahead, add a little Mayhem to your DevSecOps. We’ve got your code covered.