***We are unable to sponsor as this is a permanent full-time role***
***REMOTE, except for Alaska, North Dakota, Nebraska, Hawaii, Oklahoma, Vermont, Maine, West Virginia, Wyoming, New Hampshire, and Puerto Rico***
A prestigious company is looking for a Vulnerability Researcher Expert. This role will focus on manual source code review, binary analysis, vulnerability assessments, security architecture review, red teaming, pen-testing, CVEs, etc.
Responsibilities
- Conducts research to identify highly impactful, unknown vulnerabilities in a wide variety of applications and technologies, including AI-enabled applications and services
- Performs vulnerability assessments using industry best practices on various environments, including web applications, APIs, and cloud infrastructure
- Develops and manages testing methodologies that adhere to common security guidelines and NIST standards
- Conducts an evaluation of cloud security configurations, identifies prevalent vulnerabilities in cloud security controls, and improves and maintains cloud testing standards
- Provides detailed reports with proof of vulnerabilities, guidance, and advice to support customer teams through vulnerability remediation
- Researches and develops innovative techniques, tools, and methodologies for vulnerability research and red team activities
- Develops leadership-level communications, including management-specific metrics, white papers, procedures, thought position papers, etc.
Qualifications
- 7+ years of professional work experience in the cybersecurity industry with a Bachelor's degree in Computer Science, Management Information Systems, or a related field, or equivalent work experience.
- Understanding of all phases of adversary emulation operations, including reconnaissance, social engineering, exploitation, post-exploitation, covert techniques, lateral movement, and data exfiltration.
- Extensive experience in offensive cybersecurity roles, such as red teaming, penetration testing (e.g., web, infrastructure, cloud), and purple team exercises across cloud and on-prem environments.
- Robust understanding of contemporary security theory, application exploitation techniques, and attack vectors, including the vulnerability lifecycle and scanning methodologies (SAST, DAST, IAST, RASP).
- Experience developing and managing testing methodologies that adhere to common security guidelines such as OWASP and frameworks such as NIST 800 or MITRE ATT&CK.
- Solid understanding of computer architecture and organization with respect to binary analysis and exploitation.
- Ability to analyze, create, and debug shellcode and other low-level exploits.
- Experience developing custom security software (offensive or defensive) in one or more compiled languages.
- Demonstrated ability to reverse engineer binaries, enumerate vulnerabilities in compiled software, and provide working exploits (e.g., CVEs, public acknowledgements, or the ability to demonstrate on demand).
- Familiarity with automated security analysis and fuzzing tools (e.g., AFL and Peach).
- Demonstrated ability to discover vulnerabilities via static analysis and source code review.
- Working understanding of key programming languages and frameworks (e.g., Java, Node.js, Python, JSP), including the ability to quickly learn new languages, understand their security implications, and enumerate vulnerabilities in custom-developed software packages.
- Familiarity with scripting and programming in Python, PowerShell, or C#, with the ability to create and customize tools.