Post Fri Jul 25, 2008 8:16 am

Full Time Security Professional- Advanced Threat Analysis

Research In Motion is a leading designer, manufacturer and marketer of innovative wireless solutions for the worldwide mobile communications market. RIM's portfolio of award-winning products, services and embedded technologies include the BlackBerry® wireless platform, the BlackBerry smartphone product line, software development tools, radio-modems and software/hardware licensing agreements.

Position Summary: Full Time Permanent Position- Waterloo, ON

The Security Researcher will work with the BlackBerry Security team and other internal groups to actively test, measure and extend product security.  The incumbent will track and assist in the resolution of any issues found and will work to promote and cultivate secure engineering practices within the development organization. The successful candidate will also assist the Product Security Response and Outreach Team in managing the resolution of product security incidents as may arise.

Duties will include the following;
  • Identify, parameterize and resolve BlackBerry specific threats
    Develop, manage and document test methodologies, systems and equipment
    Produce technical evidentiary documentation findings and impact
    Conduct research and reports on current and emerging threats in the relevant product space  and on specific technology issues as required
    Advise on the safe integration of said technologies and advise the development team as to required product features or changes to support a strong ongoing security stance
    Using effective oral and written communication skills, the candidate must be able to efficiently and creatively solve  security issues by making insightful and timely decisions, in complex enterprise environments
    Liaise with various internal teams and external parties to facilitate the smooth and expedient resolution of product security issues and associated communications.

Skills and qualifications:

Expertise in multiple technical areas, with in-depth knowledge of multiple security domains including;

  • Proven ability to hack hardware and software, discover flaws and suggest improvements
    Secure coding methodology and best practices
    Strong programming /debugging skills with proficiency in one or more of the following  sets;
  a. Java, JavaME
  b. Windows system level programming (C/C++)
  c. x86 ASM and OS concepts
  d. ARM ASM and embedded OS concepts
  e. AJAX, Javascript, PHP
  • Demonstrated analytical and creative problem solving abilities
    Strong written and verbal communication skills including the ability to convey highly technical information in an accessible manner.
    The ability to work with minimal supervision as part of a multi-disciplinary team
    Possess a strong work ethic and desire to get the job done
    Bachelor degree, Masters degree or equivalent in a computer science/engineering related field

  • Product and network penetration testing
    Application security configuration and best practices
    Automated code analysis for security issues (static analysis in particular)
    Database security
    Wireless communications security  (802.11, Bluetooth, cellular data etc)
    Voice over IP (VOIP) security
    Analyzing malware
    Experience with digital hardware engineering, test and debugging

Interested candidates should send their updated resume to