Principal Offensive Security Developer

Job Requisition ID # 25WD91774 _English translation will follow/La traduction en anglais suivra_ 25WD91774, Du00e9veloppeur principal en su00e9curitu00e9 offensive Aperu00e7u du Poste Vous u00eates passionnu00e9 par les ordinateurs, les logiciels et l'art de du00e9monter des codes, des appareils, voire des voitures ? Vous aimez protu00e9ger les gens contre les menaces numu00e9riques, qu'elles proviennent de cybercriminels ou d'une simple erreur humaine ? Si vous avez du00e9ju00e0 lu _2600_ ou cu00e9lu00e9bru00e9 l'u00e9dition anniversaire de _Phrack_ u00e0 DEFCON33, nous avons peut-u00eatre le poste idu00e9al pour vous. Chez Autodesk, nous transformons la fau00e7on dont le monde est conu00e7u et construit. Notre mission est de permettre u00e0 nos clients de cru00e9er des bu00e2timents u00e9cou00e9nergu00e9tiques et u00e0 faible empreinte carbone gru00e2ce u00e0 des logiciels de pointe. Nous faisons entrer le secteur de l'architecture, de l'ingu00e9nierie et de la construction (AEC) dans une nouvelle u00e8re, celle de l'intelligence artificielle et des plateformes de donnu00e9es connectu00e9es. Alors que nous devenons le partenaire de confiance du secteur AEC, nous recherchons une personne capable de contribuer u00e0 la su00e9curitu00e9 de nos innovations. Autodesk recrute un du00e9veloppeur principal en su00e9curitu00e9 offensive pour se joindre u00e0 notre aventure. u00c0 ce poste, vous apporterez votre expertise en su00e9curitu00e9 offensive u00e0 une u00e9quipe de technologues passionnu00e9s. Vous du00e9couvrirez des amu00e9liorations critiques en matiu00e8re de su00e9curitu00e9 dans nos produits et identifierez des moyens cru00e9atifs d'amu00e9liorer nos systu00e8mes, nos processus et nos pratiques. Vous collaborerez avec diffu00e9rentes u00e9quipes et ru00e9gions gu00e9ographiques, en leur apportant vos connaissances et votre soutien pour remu00e9dier aux vulnu00e9rabilitu00e9s. Vous contribuerez u00e0 faire u00e9voluer notre cycle de vie de du00e9veloppement logiciel su00e9curisu00e9 (SSDLC) au sein des u00e9quipes AEC et u00e0 amu00e9liorer nos processus de ru00e9ponse aux vulnu00e9rabilitu00e9s et aux attaques zero-day. Nous investissons u00e9galement dans votre du00e9veloppement : ce poste vous offre la possibilitu00e9 de participer u00e0 des confu00e9rences et u00e0 des sessions de formation de haut niveau sur la su00e9curitu00e9 tout au long de l'annu00e9e, afin que vous puissiez affiner vos compu00e9tences et apporter de nouvelles idu00e9es. Il s'agit d'un poste u00e0 distance ouvert aux candidats ru00e9sidant aux u00c9tats-Unis ou au Canada (la cu00f4te Est est fortement pru00e9fu00e9ru00e9e). Responsabilitu00e9s + Travailler avec l'architecte principal distinguu00e9, Trust, pour documenter, maintenir et amu00e9liorer le cycle de vie su00e9curisu00e9 du du00e9veloppement logiciel AEC + Travailler avec l'organisation Trust dans divers domaines de la gestion des vulnu00e9rabilitu00e9s de su00e9curitu00e9 et de la ru00e9ponse aux vulnu00e9rabilitu00e9s zero-day + Gu00e9rer et faire u00e9voluer les processus de ru00e9ponse aux vulnu00e9rabilitu00e9s de su00e9curitu00e9 AEC et DoD + Servir de point de contact principal pour les rapports AEC 0-day et aider u00e0 impliquer les chercheurs et les du00e9veloppeurs + Effectuer de maniu00e8re proactive des tests de fuzz, des recherches et des enquu00eates sur les produits et processus AEC afin d'identifier les problu00e8mes de su00e9curitu00e9 et les amu00e9liorations possibles + Soutenir tous les processus BPM liu00e9s aux incidents de su00e9curitu00e9 AEC + Assister les u00e9quipes d'ingu00e9nieurs dans le du00e9veloppement de codes su00e9curisu00e9s gru00e2ce u00e0 votre expertise + Contribuer u00e0 la mise en place de politiques, de procu00e9dures et de normes visant u00e0 amu00e9liorer la posture de su00e9curitu00e9 + Collaborer avec les du00e9veloppeurs AEC afin de mettre en place des formations, des ressources de sensibilisation et d'autres mu00e9canismes visant u00e0 amu00e9liorer considu00e9rablement la su00e9curitu00e9 des produits AEC + Collaborer avec d'autres du00e9veloppeurs de l'entreprise afin de partager les pratiques en matiu00e8re de su00e9curitu00e9 logicielle, les enseignements tiru00e9s et d'amu00e9liorer la transparence et l'efficacitu00e9 + Gu00e9rer les diffu00e9rents composants des mu00e9tadonnu00e9es de su00e9curitu00e9 dans le catalogue de logiciels, y compris leur cru00e9ation, leur du00e9nomination et leur maintenance + Participer aux ru00e9unions Trust au sein de l'organisation AEC (toutes les deux semaines, tous les mois et tous les trimestres) + Participer u00e0 des u00e9vu00e9nements professionnels et u00e0 d'autres conventions/confu00e9rences afin de du00e9couvrir de nouvelles techniques de su00e9curitu00e9 logicielle et d'amu00e9liorer continuellement l'impact de ce ru00f4le Qualifications Minimales + Licence ou master ou expu00e9rience u00e9quivalente en cybersu00e9curitu00e9/informatique (ou dans un domaine technique connexe) + Plus de 5 ans d'expu00e9rience pratique en su00e9curitu00e9 offensive ou plus de 7 ans d'expu00e9rience mixte + Expu00e9rience des outils, techniques et mu00e9thodologies de su00e9curitu00e9 offensive + Expu00e9rience dans l'utilisation de langages de programmation (par exemple, C, C++, C#, Rust, Go, Javascript, Java, Python, Perl, PHP, TypeScript...) + Expu00e9rience de la collaboration avec des u00e9quipes interorganisationnelles Qualifications Souhaitu00e9es + Expu00e9rience dans la ru00e9daction de rapports et la communication de concepts de su00e9curitu00e9 complexes au personnel technique + Connaissance des pratiques logicielles modernes, notamment l'intu00e9gration continue, la livraison continue et l'infrastructure en tant que code + Connaissance des disciplines de su00e9curitu00e9 en dehors de la su00e9curitu00e9 offensive (confidentialitu00e9, GRC, Blue Teaming, sensibilisation) + Connaissance de l'authentification/autorisation u00e0 l'aide d'OAuth2.0, OICD, SPIFFE, FIDO2, etc + Connaissance des systu00e8mes distribuu00e9s u00e0 grande u00e9chelle, contenant des applications hybrides sur ordinateur de bureau, mobile et web + Expu00e9rience dans le secteur AEC ou dans un autre secteur ru00e9glementu00e9 Le candidat idu00e9al + Collabore facilement avec les autres membres d'une u00e9quipe pour apporter de la valeur ajoutu00e9e + S'efforce constamment d'apprendre de nouvelles technologies et mu00e9thodologies + Est adaptable, orientu00e9 client et recherche de nouvelles fau00e7ons de ru00e9soudre des problu00e8mes complexes + Est transparent et travaille de maniu00e8re ouverte et collaborative, en tirant parti de l'automatisation ------------------------------------------------------------------------------------------------------------------------------------ 25WD91774, Principal Offensive Security Developer Position Overview Are you passionate about computers, software, and the art of dismantling code, devicesu2014even cars? Do you love protecting people from digital threats, whether they come from cybercriminals or simple human error? If youu2019ve ever read _2600_ or celebrated the _Phrack_ anniversary edition at DEFCON33, we might have the perfect role for you. At Autodesk, weu2019re transforming how the world is designed and built. Our mission is to empower customers to create energy-efficient, low-carbon-footprint buildings through cutting-edge software. Weu2019re leading the Architecture, Engineering, and Construction (AEC) industry into a new erau2014one powered by AI and connected data platforms. As we grow into the Trusted Partner for the AEC industry, weu2019re looking for someone who can help keep our innovations secure. Autodesk is hiring a Principal Offensive Security Developer to join our journey. In this role, youu2019ll bring your offensive security expertise to a team of passionate technologists. Youu2019ll uncover critical security improvements in our products and identify creative ways to enhance our systems, processes, and practices. Youu2019ll collaborate across teams and geographies, offering insight and support as they address vulnerabilities. Youu2019ll help mature our Secure Software Development Lifecycle (SSDLC) across AEC teams and improve our vulnerability and zero-day response processes. We also invest in your growthu2014this role includes opportunities to attend top security conferences and training sessions throughout the year, so you can sharpen your skills and bring back fresh ideas. This is a remote position open to candidates in the United States or Canada. (East Coast strongly preferred). Responsibilities + Work with the Senior Distinguished Architect,Trust; to document, maintain, and improve the AEC Secure Software Development Lifecycle + Work with theTrustOrganization in various Security Vulnerability Management and 0-day response capacities + Manage and mature the AEC security vulnerability and DoD response processes + Act as primary point of contact for AEC 0-day reports and assist in engaging Researchers and Developers + Proactively fuzz, research, and investigate AEC Products and Processes for Security issues and improvements + Support all AEC Security incident BPM processes + Assist engineering teams in secure code development through expertise + Help with setting up policies, procedures, and standards to improve Security Posture + Engage with AEC developers to establish training, awareness resources, and other mechanisms to dramatically improve the security of AEC products + Partner with other developers across the company to share Software Security practices, lessons learned, and improve transparency and efficiency + Own the various Security metadata components within the Software Catalog, including creation, naming, and maintaining + AttendTrustmeetings across the AEC organization (bi-weekly, monthly, and quarterly) + Attend industry events and other conventions/conferences to gather new Software Security techniques and to continuously improve this rolesu2019 impact Minimum Qualifications + BS or MS or Equivalent Experience in Cybersecurity/Computer Science (or related technical field) + 5+ years of hands-on Offensive Security experience or 7+ years of a mix + Experience with Offensive Security tools, techniques, and methodologies + Experience working with programming languages (Eg. C, C++, C#, Rust, Go, Javascript, Java, Python, Perl, PHP, TypeScript...) + Experience collaborating with cross-organizational teams Preferred Qualifications + Experience with writing reports and communicating complex security concepts to technical personnel + Familiarity with modern software practices including Continuous Integration, Continuous Delivery, and Infrastructure-as-Code + Familiarity with Security Disciplines outside of Offensive Security (Privacy, GRC, Blue Teaming, Awareness) + Familiarity with authentication/authorization using OAuth2.0, OICD, SPIFFE, FIDO2, etc. + Familiarity with large-scale distributed systems, containing hybrid applications across desktop, mobile, and web + Experience in the AEC industry or other regulated industryThe Ideal Candidate + Easily collaborates with other members of a team to deliver value + Constantly strives to learn new technologies and methodologies + Is adaptable, customer-focused, and seek new ways to solve hard problems + Is transparent and work in an open sharing manner, leveraging automation Learn More About Autodesk Welcome to Autodesk Amazing things are created every day with our software u2013 from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made. We take great pride in our culture here at Autodesk u2013 itu2019s at the core of everything we do. Our culture guides the way we work and treat each other, informs how we connect with customers and partners, and defines how we show up in the world. When youu2019re an Autodesker, you can do meaningful work that helps build a better world designed and made for all. Ready to shape the world and your future? Join us Salary transparency Salary is one part of Autodesku2019s competitive compensation package. For U.S.-based roles, we expect a starting base salary between $138,100 and $223,300. Offers are based on the candidateu2019s experience and geographic location, and may exceed this range. In addition to base salaries, our compensation package may include annual cash bonuses, commissions for sales roles, stock grants, and a comprehensive benefits package. Equal Employment Opportunity At Autodesk, we're building a diverse workplace and an inclusive culture to give more people the chance to imagine, design, and make a better world. Autodesk is proud to be an equal opportunity employer and considers all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender, gender identity, national origin, disability, veteran status or any other legally protected characteristic. We also consider for employment all qualified applicants regardless of criminal histories, consistent with applicable law. Diversity & Belonging We take pride in cultivating a culture of belonging where everyone can thrive. Learn more here: Are you an existing contractor or consultant with Autodesk? Please search for open jobs and apply internally (not on this external site).

Created: 2026-01-05