Lead Software Security Researcher
Canada / the EU / the UK
Finite State
The leading provider of product cyber security solutions for connected devices and embedded systems, including IoT, medical devices, ICS, and OT/ICS. Finite State partners with product security teams, the guardians of our connected world, to create transparency for their connected devices and supply chains. Our platform handles connected devices and embedded systems across all industries, including those found in enterprises, healthcare, utilities, connected vehicles, manufacturing facilities, critical infrastructure, and government entities.
We are a fast-growing series-B company with a fully distributed workforce. Led by a team of seasoned experts, we are a mission-driven team passionate about arming our customers with the actionable insights, critical vulnerability data, and remediation guidance necessary to mitigate product risk and protect the connected attack surface. We are committed to a remote first culture.
Role summary
Finite State is looking for a Lead Security Researcher. In this role you will work on the Software Testing Pipeline team to develop, maintain, and expand Finite State security analysis. You will collaborate with other engineering teams and lead projects extending the reach and accuracy of our software analysis tools, and develop unique solutions to problems that have never been solved before. Our tools analyze compiled binaries (focusing on embedded devices), as well as source code and other artifacts.
You must be based in and authorized to work in Canada, the UK, or the EU.
As a Lead Security Researcher, you will:
- Lead projects to develop proofs of concept and implement new static analysis methods for the Finite State Software Testing Pipeline
- Lead efforts to identify & prioritize security risks (CVEs; CWEs; network, device, and configuration issues; key and credential analysis; etc). You will build tools (or leverage existing tools) to identify these risks in binary software.
- Develop techniques for software composition analysis focused on binary analysis for both statically and dynamically compiled software.
- Gain familiarity with all parts of the analysis pipeline to effectively contribute as needed in all analysis domains
- Be responsible for pragmatic technical decision-making to ensure we're delivering high quality software on a reasonable schedule
- Uphold our core values of transparency, results, accountability, customer dedication, and courage
- Champion our mission to protect our connected world
What we’re looking for:
- A motivated contributor willing to dive in to solve a wide array of difficult and novel problems
- Proven experience working in security research or software analysis
- Experience in implementing and utilizing static-analysis and dynamic-analysis tools.
- Experience with disassemblers and other reverse-engineering tools
  - For example: Ghidra, IDA Pro, binwalk, etc.
- Understanding of common vulnerability & software weakness classes
- Programming skills in Python, and an affinity for automated testing
- Experience working on small, fast-paced teams
- Strong communication and collaboration skills
It’s a plus if you also have:
- Data science, machine learning, and LLM skills
- Experience working with or analyzing real time operating systems (RTOS)
- Experience with AWS or similar cloud platform environments
- A growth mindset and the ability to mentor and advise engineers across the department
What’s in it for you:
- Competitive salary with stock option grant
- Fully covered medical, dental, vision
- Unlimited PTO & outstanding parental leave
- WFH stipend
- Short and long-term disability coverage
- Life insurance
Finite State’s Tech Stack
- Kubernetes, Helm, Terraform
- AWS EKS, RDS, S3
- Python, Java
- Apache Airflow
- PostgreSQL, Redis, ArangoDB
- Ghidra, Joern
- Replicated (supporting our on-premise offering)
- GitHub Actions, ArgoCD
- Prometheus, Grafana, Honeycomb
- Cursor, Devin, GitHub Copilot, etc.
About Us
Built on two decades of cybersecurity experience, our team of experts understands the hidden risks in today’s enterprise networks, where IoT vulnerabilities are quickly becoming the entry point of choice for cyber attacks.
We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2017 in Columbus, Ohio.
Finite State has a transparent, collaborative and supportive culture - we are looking for people who have a growth mindset, are curious and innovative, and drive results. Our team is smart, but humble, hard working with lots of fun sprinkled in. Above all, our team is driven by our noble mission and we hold ourselves accountable to delivering to our customers every single day.
The Finite State platform brings visibility and control to the supply chains that create connected devices and embedded systems—all in a simple to use platform and at the scale manufacturers need to keep device production on time and on budget. After unpacking and analyzing every file, configuration, and setting in a firmware build, the platform generates a complete bill of materials for software components, identifies known and 0-day vulnerabilities, shows a contextual risk score, and provides actionable insights that product teams can use to secure their software.
We are proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Finite State is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities.