Remote, US

Principal Security Researcher

Looking for an innovative, high-growth company in one of the hottest segments of the security market?  Look no further than Veracode!

Veracode is recognized as a premier provider of SaaS-based application security solutions, transforming the way companies secure applications in today’s software-driven world. We provide our customers with a solid foundation on which to build security into their modern agile development processes. Learn more about us at!

We are seeking a Principal Security Researcher to join Veracode’s Applied Research Group. The Principal Security Researcher will lead research projects for improving the capabilities and quality of Veracode’s Static Application Security Testing (SAST). They will also conduct original security research to give back to the community and advance its knowledge.

Key Aspects of the Role:

  • Conduct research to identify potential weaknesses and security vulnerabilities in JavaScript and Rust applications, in other languages compiled into WebAssembly, and in others as the need arises.
  • Describe vulnerabilities and potential exploits, and produce proofs of concept and representative examples to aid engineering teams in building product capabilities
  • Engage in binary and source static analysis/reverse-engineering of applications
  • Conduct research to improve automation, accuracy, and efficiency of detection techniques and related systems, using both our own proprietary software and open-source tools.
  • Contribute expertise to Veracode’s customer- and public-facing documentation to ensure information is current, accurate, and actionable
  • Mentor and provide technical guidance to developers and researchers
  • Actively participate in the software security community by attending and presenting at industry conferences, conducting and publishing original research, contributing articles to the Veracode blog and/or trade blogs and magazines, etc.

What you’ll need:

  • 3+ years of practical reverse-engineering or binary static-analysis experience, including familiarity with Abstract Syntax Trees (AST), reflection, or other code transformation approaches; compilers and associated tooling; and decompilers, disassemblers, and/or debuggers used in binary analysis
  • 2+ years of practical application security experience, such as source code auditing, penetration testing, product assessment, vulnerability research
  • The ability to enter a “breaker” mentality – Veracode is defensively-oriented, but our research requires an offensive mindset, including the ability to assess the attack surface of a piece of software.
  • Prototyping ability – must be comfortable producing “quick and dirty hacks” to demonstrate a concept or solve a one-off problem
  • Strong professional skills:
    • Attention to detail as part of a commitment to quality
    • Analytical and organizational capability for advocating, planning, and executing projects independently
    • Ability to understand technical and security issues from a customer’s point of view
  • Strong written and verbal communication ability in English, especially technical writing for a developer audience

What we offer you: 

  • Outstanding Medical, Dental, and Vision Coverage to meet all your healthcare needs. 
  • Wellness benefits to help you focus on what’s most important.
  • “Take What You Need” time off policy.
  • Extensive development and training offerings to help you grow your career at Veracode.
  • Generous 401k match to help save for your future.
  • Amazing community of professionals who take pride in what we do every day.






