Advanced Software Security Engineer 21-0056
We are Relativity. A market-leading, global tech company that equips legal and compliance professionals with a powerful platform to organize data, discover the truth, and act on it. The US Department of Justice, 199 of the Am Law 200, and more than 329,000 enabled users trust Relativity during litigation, internal investigations, and compliance projects.
Our SaaS product, RelativityOne, has become the fastest-growing product in the company's history and we have consistently been named a great workplace. As we grow, we continue to seek individuals that will bring their whole, authentic self to our team.
We believe that great talent is not bound by geography and that what you do matters more than where you do it. Relativity has assumed a hybrid work strategy, allowing choice and flexibility for employees to work either from home, a physical Relativity office location (once safe to do so), or a combination of the two, within certain logistical boundaries. Submit your application to learn more from our recruiters or contact us for more details.
If you're interested in learning more about our benefits, click here.
On the Application Security team, we're focused on working with Relativity’s engineering teams to create solutions protecting our customer’s data. As part of the Application Security team, you will provide solutions, verify implementations and perform penetration tests.
You might like this role if you love:
- learning about new technologies and their secure implementation
- finding security vulnerabilities and helping team fix them
- thinking about problems and solving the root cause instead of just the current symptoms
- sharing your knowledge with others
- providing general guidelines for preventing commonly found vulnerabilities by defining and updating security requirements
- performing threat modeling on products, even if they don't fit a common pattern
- reliably estimating the likelihood of given threats when building a threat model
- conducting code reviews
- interacting with project teams to seek implementation and completion of security requirements
- documenting processes based on established guidelines
- identifying or writing exploit code for high complexity vulnerabilities such as remote code execution, memory corruption or SQL injection
- defining pen test plans through stories/tasks for moderately complex applications such as those deployed to Relativity platform (ADS app) or those involved in security critical workflows (e.g. authentication)
- experience in building threat models for web applications
- familiarity with common software vulnerabilities (e.g. OWASP Top 10) and their remediation
- deep interest in security architecture of applications and technologies (Web, Kubernetes, Network)
- ability to follow established processes
- ability to juggle several high visibility projects
- ability to read code in mainstream programming languages such as Python, C#, Java
- university degree or relevant experience