MathWorks has a hybrid work model that enables staff members to split their time between office and home. The hybrid model provides the advantage of having both in-person time with colleagues and flexible at-home life optimizations. Learn More: https://www.mathworks.com/company/jobs/resources/applying-and-interviewing.html#onboarding.
Will be responsible for planning, implementing and monitoring security measures for the protection of MathWorks’ sophisticated software; improving and evangelizing MathWorks security practices, processes and tools, with a focus on: development security, Secure SDLC, security testing, secure coding standards, threat modeling, phishing, and SOC2 compliance; providing internal consulting and coaching support, evangelizing new security tools and best practices, and creating and delivering learning resources; identifying and monitoring issues that impact organizational goals related to security; developing clear and well-scoped problem statements, and initiating and driving related security projects to completion; creating new processes, resources and reference content facilitating organizational adoption of security tools and standards through thoughtful change management strategies; supporting the Development organization's growth and learning around MathWorks standard security processes; evaluating impact with Kirkpatrick Level 1-4 evaluations; and reviewing, cataloging and promoting user-created security and resources. Position reports to Natick, Massachusetts headquarters and may work remotely from a home office anywhere in the United States.
MathWorks nurtures growth, appreciates diversity, encourages initiative, values teamwork, shares success, and rewards excellence.
Minimum Qualifications:
Education and Experience:
Master’s degree in Engineering, Computer Science, Cybersecurity, or a closely related field (or foreign education equivalent) and two (2) years of experience as a Senior Software Process Engineer (or related occupation) testing or analyzing and evaluating security of software applications.
OR
Ph.D. degree in Engineering, Computer Science, Cybersecurity, or a closely related field (or foreign education equivalent) and no experience.
OR
Bachelor’s degree in Engineering, Computer Science, Cybersecurity, or a closely related field (or foreign education equivalent) and five (5) years of experience as a Senior Software Process Engineer (or related occupation) testing or analyzing and evaluating security of software applications.
Special Requirements:
- Demonstrated expertise identifying and exploiting security vulnerabilities using security testing tools: Metasploit, Burp Suite, Immunity Debugger, or IDA Pro.
- Demonstrated expertise performing threat analysis using threat modeling methodologies (STRIDE or DREAD) and modeling tools (Microsoft Threat Modeling Tool, OWASP Threat Dragon, or ThreatModeler).
- Demonstrated expertise analyzing security issues, providing comprehensive reports on potential vulnerabilities, and effectively communicating these findings to mitigate and prevent future risks.
- Demonstrated expertise creating and improving processes to support the Software Development Life Cycle (SDLC) according to scrum-based Agile methodologies.
[Expertise may be gained during Graduate program.]