Security Risk Advisors | Senior Software Development Engineer (SDE III) | REMOTE (USA) Full time | https://sra.io/careers/
We're looking for a Senior Java Engineer experienced with Java web app frameworks such as Spring Boot, and Postgres including data modeling and query optimization. You will be supporting the development of VECTR, a Purple Team analysis, reporting and attack automation platform. Our tech stack is: AWS, Docker, Java, Postgres, Vue.
Security Risk Advisors is a fast-growing cybersecurity consulting company. Our clients are concentrated in the Fortune 1000 and Global 1000. We have a fast-paced, agile, and fun culture that focuses exclusively on cutting edge cybersecurity engagements that solve the emerging needs of our clients. Our engineering team has a remote-first culture and supports product development and our consulting teams.
Interview process: (1) Recruiter, (2) tech screen with a manager, (3) experience discussion, (4) system design.
Is this actually a fully remote position? The job posting does not say clearly that it is. It says "remote" at the top, but in the posting it only says "This job operates in a professional office environment or remotely as needed/required."
Are you hiring folks who live in California? If so, you're missing the (required by law) salary range. (As well as other states who have similar laws.)
Security Risk Advisors | Senior Software Development Engineer (SDE III) | REMOTE (USA) Full time | https://sra.io/careers/
We're looking for a Senior Java Engineer experienced with Java web app frameworks such as Spring Boot, and Postgres including data modeling and query optimization. You will be supporting the development of VECTR, a Purple Team analysis, reporting and attack automation platform. Our tech stack is: AWS, Docker, Java, Postgres, Vue.
A little bit about us: Security Risk Advisors is a fast-growing cybersecurity consulting company. Our clients are concentrated in the Fortune 1000 and Global 1000. We have a fast-paced, agile, and fun culture that focuses exclusively on cutting edge cybersecurity engagements that solve the emerging needs of our clients. Our engineering team has a remote-first culture and supports product development and our consulting teams.
Interview process: (1) Recruiter, (2) tech screen with a manager, (3) experience discussion, (4) system design.
We're looking for a Senior Engineer, preferability fullstack, but frontend or backend focused is great too! This position will be focused primarily as an IC, but an ideal candidate would have experience being a mentor and have a continued interest in developing junior engineers. You will be supporting the development of VECTR, a Purple Team analysis, reporting and attack automation platform.
A little bit about us: Security Risk Advisors is a fast-growing cybersecurity consulting company. Our clients are concentrated in the Fortune 1000 and Global 1000. We have a fast-paced, agile, and fun culture that focuses exclusively on cutting edge cybersecurity engagements that solve the emerging needs of our clients. Our engineering team has a remote-first culture and supports product development and our consulting teams.
Interview process: Recruiter, 1-2 tech screens (no whiteboarding), final round in-person or virtual (depending on location).
I would also suggest to add some validation to your file upload. Currently you are allowing arbitrary files to be uploaded. Even though it is password protected, it is still trivial to brute force even with your sleep(3). The danger with allowing arbitrary file upload is someone can upload a script (PHP file for example) and run it basically allowing arbitrary code execution. This can lead to a whole slew of other issues.
To get started, I would suggest:
1. Generating your own file names w/extension instead of relying on $_FILES['filetoupload']['name']
2. After move_uploaded_file(), change file permissions to 644 to help mitigate possibility of file execution
3. Use getimagesize() to determine if file is indeed an image. It is still possible to embed code into a validate image to bypass getimagesize(), but #1 will help prevent Apache/etc from interpreting the file as PHP.
4. Ideally you would also strip metadata from the image file and only keep resized images and delete the originals.
Also would suggest that you do not use the same password on your demo site as you have posted on Github.
We're looking for a Senior Java Engineer experienced with Java web app frameworks such as Spring Boot, and Postgres including data modeling and query optimization. You will be supporting the development of VECTR, a Purple Team analysis, reporting and attack automation platform. Our tech stack is: AWS, Docker, Java, Postgres, Vue.
Security Risk Advisors is a fast-growing cybersecurity consulting company. Our clients are concentrated in the Fortune 1000 and Global 1000. We have a fast-paced, agile, and fun culture that focuses exclusively on cutting edge cybersecurity engagements that solve the emerging needs of our clients. Our engineering team has a remote-first culture and supports product development and our consulting teams.
Interview process: (1) Recruiter, (2) tech screen with a manager, (3) experience discussion, (4) system design.
For more information and to apply: https://wrkbl.ink/2C7ZXeZ
Learn more about VECTR here: https://vectr.io/