Vulnerability Researcher

Application window is expected to close on 12/2/24

Security research including development of tools for vulnerability discovery, analysis, and mitigation. Development of fuzzers and static analysis tools to identify new vulnerabilities in software. Development of static and run-time analysis tools to figure out root cause and input conditions related to a vulnerability. Vulnerability triage and proof of concept exploit development to support the creation of detection content. Additional responsibilities include helping users and other analysts with setup, installation, and usage of the vulnerability research tools and demonstrating leadership in the security community through publishing open-source tools, papers, presentations, and blog posts.

• Perform security analysis to discover new vulnerabilities in software and/or embedded systems.
• Create tools for the discovery and triage of vulnerabilities.
• Write detailed technical advisories on new vulnerabilities.
• Develop proof of concept exploits for testing IPS and IDS effectiveness.
• Perform patch analysis to find and trigger vulnerabilities.
• Reverse engineer binary applications, protocols, and formats.
• Analyze zero-day vulnerabilities and emerging security threats and technologies.
• Demonstrate leadership within the security community.

• 3+ years of experience in vulnerability research or a closely related area, e.g. exploit, fuzzing or mitigation development
• Bachelor's degree or equivalent in Computer Science, Electrical Engineering, Cyber Security, or other tech-related degree (or equivalent due to work experience)

• 5+ years' experience with vulnerability research
• 3+ years' experience with binary auditing and reverse engineering, and with related tools such as IDA Pro, Binary Ninja, Ghidra, etc. and with plugin development.
• 3+ years' experience with C/C++, and a scripting language (e.g., Python), and assembly (e.g., x86/x64, ARM, etc.)
• 3+ years' experience with common vulnerabilities and methods of exploitation, such as memory corruption, web application exploitation, file format vulnerabilities, protocol-based weaknesses, etc.
• Published technical contributions to the security community (e.g. CVEs, security advisories, blog posts (0-day/n-day analysis), open source contributions, academic publications, etc.)
• Candidates with experience in vulnerability research in industrial control systems are encouraged to apply
• Knowledge of common file format and network protocol structures.
• Ability to work independently with minimum supervision and to tackle additional tasks as the need arises.