CA Technologies Principal, Strategic Research in London, United Kingdom

Do you want to help eliminate barriers between ideas and business outcomes? We want you to bring your unique experiences and creative ideas to the table. CA Technologies provides software and solutions that help our customers to develop, manage, and secure complex IT environments to increase productivity and enhance competitiveness in their businesses. It’s our aim to encourage global collaboration and results-oriented innovation, while supporting and developing our talented people and our communities. CA Technologies will empower you to drive authentic success, for both the business and yourself in the application economy.

  • Title: Principle Strategic Research*

  • Location: London*

  • Competitive Salary and Benefits Package*

  • Posting Date: 18th June 2018 – Posting Close Date 18th July 2018*

  • Description*

The Principle Strategic Research for Dynamic Application Security Testing (DAST) is responsible for overseeing the security capabilities of Veracode’s dynamic scanner offerings.

  • Responsibilities*

  • Conduct research and development for automating web application attacks.

  • Conduct research for improving techniques for detection of vulnerabilities.

  • Develop attack signatures for specific classes of vulnerabilities.

  • Define developer focused specifications for new attacks.

  • Work with management to set priorities and goals for Veracode’s DAST offerings.

  • Keep up to date with the latest features in web browsers, web application development techniques, and web application vulnerabilities.

  • Develop test cases to demonstrate vulnerabilities and ensure products’ ability to identify them in an automated fashion.

  • Actively engage with the security research community through speaking at industry conferences, publishing independent research, posting on the Veracode blog, and other means.

  • Requirements*

This is a deeply technical role that requires significant knowledge around modern web development technologies and practices. You not only understand common web vulnerabilities, but understand how to find them in an automated fashion. You will need to follow upcoming trends and how they may have implications for security. It’s also crucial that you’re an effective communicator, as you’ll collaborate frequently with engineers to guide them in implementing the specifications you create. You’ll also need:

  • Extensive and practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits.

  • Experience of software development.

  • Deep understanding of web browsers (i.e. security features, Document object model, JavaScript, etc.).

  • Deep understanding of common client side and server side web application vulnerabilities and how to exploit them (e.g. SQL injection, cross-site scripting, etc.).

  • Ability to learn new programming languages and/or technologies quickly and independently

  • Ability to balance novelty of attacks with the restrictions automation demands.

  • Experience with automated application security testing products (SAST, DAST, etc.) a plus.

  • Genuine enthusiasm, not just aptitude, for application security. Up to 20% of your time will be allocated for independent research, and this means you’ll need interesting, relevant project ideas.

  • Prototyping ability – the skill to hack something together quick and dirty to solve a problem and demonstrate feasibility.

  • Excellent attention to detail, quality, and customer satisfaction. Consulting experience a plus.

  • Strong analytical, organizational, and technical writing skills.

  • S. in Computer Science or equivalent industry experience.

If you want to fulfill your potential, be acknowledged for your achievements, and be given autonomy to make decisions for your business and customers; if you want to work with a company that respects you as an individual - recognizing both your needs at work and your responsibilities outside of it - then CA Technologies is where you belong. At CA Technologies your passion and expertise can directly impact the business and you’ll help offer our customers practical approaches to delivering new, innovative services and value through IT.

Learn more about CA Technologies and this opportunity now at


/ Note to Recruiters and Placement Agencies: We do not accept unsolicited agency resumes. Please do not forward unsolicited agency resumes to our website or to any of our employee. We will not pay fees to any third party agency or firm and will not be responsible for any agency fees associated with unsolicited resumes. Unsolicited resumes received will be considered our property and will be processed accordingly./