Lead Software Security Researcher

Finite State partners with product security teams, the guardians of our connected world, to create transparency for their connected devices and supply chains. Our platform handles connected devices and embedded systems across all industries, including those found in enterprises, healthcare, utilities, connected vehicles, manufacturing facilities, critical infrastructure, and government entities.

We are a fast-growing series-B company with a fully distributed workforce. Led by a team of seasoned experts, we are a mission-driven team passionate about arming our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. We are committed to a remote first culture.

Role summary

Finite State is looking for a Lead Security Researcher. In this role you will work on the Software Testing Pipeline team to develop, maintain, and expand Finite State security analysis. You will collaborate with other engineering teams and lead projects extending the reach and accuracy of our software analysis tools, and develop unique solutions to problems that have never been solved before. Our tools analyze compiled binaries (focusing on embedded devices), as well as source code and other artifacts.

You must be based in and authorized to work in Canada, the UK, or the EU.

As a Lead Security Researcher, you will:

• Lead projects to develop proofs of concept and implement new static analysis methods for the Finite State Software Testing Pipeline.
• Lead efforts to identify & prioritize security risks (CVEs; CWEs; network, device, and configuration issues; key and credential analysis; etc). You will build tools (or leverage existing tools) to identify these risks in binary software.
• Develop techniques for software composition analysis focused on binary analysis for both statically and dynamically compiled software.
• Gain familiarity with all parts of the analysis pipeline to effectively contribute as needed in all analysis domains.
• Be responsible for pragmatic technical decision-making to ensure we're delivering high quality software on a reasonable schedule.
• Uphold our core values of transparency, results, accountability, customer dedication, and courage.
• Champion our mission to protect our connected world.

What we’re looking for:

• A motivated contributor willing to dive in to solve a wide array of difficult and novel problems.
• Proven experience working in security research or software analysis.
• Experience in implementing and utilizing static-analysis and dynamic-analysis tools.
• Experience with disassemblers and other reverse-engineering tools.
• Understanding of common vulnerability & software weakness classes.
• Programming skills in Python, and an affinity for automated testing.
• Experience working on small, fast-paced teams.
• Strong communication and collaboration skills.

It’s a plus if you also have:

• Data science, machine learning, and LLM skills.
• Experience working with or analyzing real time operating systems (RTOS).
• Experience with AWS or similar cloud platform environments.
• A growth mindset and the ability to mentor and advise engineers across the department.

What’s in it for you:

• Competitive salary with stock option grant.
• Fully covered medical, dental, vision.
• Unlimited PTO & outstanding parental leave.
• WFH stipend.
• Short and long-term disability coverage.
• Life insurance.

About Us

Built on two decades of cybersecurity experience, our team of experts understands the hidden risks in today’s enterprise networks, where IoT vulnerabilities are quickly becoming the entry point of choice for cyber attacks.

We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2017 in Columbus, Ohio.

Finite State has a transparent, collaborative, and supportive culture - we are looking for people who have a growth mindset, are curious and innovative, and drive results. Our team is smart, but humble, hardworking with lots of fun sprinkled in. Above all, our team is driven by our noble mission and we hold ourselves accountable to delivering to our customers every single day.

We are proud to be an Equal Employer Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Finite State is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.