|
|
|
|
|
|
by woodruffw
1241 days ago
|
|
|
"Cybersecurity research" is a very large domain, so it's hard to offer a wholly encompassing answer here! The company I work for[1] does a great deal of program analysis research, primarily in and around the LLVM ecosystem. Other companies/groups in our domain(s) include Galois, Inria, and GrammaTech. In terms of working in our domain: we frequently find it difficult to hire for pre-existing compilers or program analysis skills (it's a small community!), so we generally long for strong engineers with security/low-level fundamentals who don't mind making a pivot. As for how the job is: I personally find it very fulfilling, but it definitely contains a degree of uncertainty (particularly when doing government-funded research) that ordinary SWEs/SREs may not be used to. I've noticed that it takes new hires a decent amount of time to acclimate and become comfortable with the idea of research engineering, meaning engineering where we expect less than 100% of all exploratory avenues to have productive outcomes. This can be a large culture shock compared to typical engineering, where tasking is defined primarily by business requirements that don't contain a large degree of uncertainty or ambiguity in terms of implementation approach. [1]: https://www.trailofbits.com/ |
|
|