NO SPONSORSHIP - NO OPT
Security Vulnerability Researcher
SALARY: $200k - $230k
LOCATION: REMOTE except for no Alaska, North Dakota, Nebraska, Hawaii, Oklahoma, Vermont, Maine, West Virginia, Wyoming, New Hampshire, Puerto Rico
You will have experience doing annual source code reviews, binary analysis, vulnerability assessments, dynamic testing, threat modeling and security architecture review. web applications APIs cloud infrastructure Azure Cloud security configuration red teaming penetration testing provide working exploits (CVEs) automation security analysis AFL and peach python java c# PowerShell OWASP NIST 800 Mitre attack buffer overload machine architecture AI vulnerability technologies purple team exercises
The Vulnerability Researcher is responsible for analyzing systems, software, architectures, and strategies to discover impactful, unknown vulnerabilities and security weaknesses, including those affecting AI/ML systems and AI-enabled technologies and services. This work proactively identifies classes of vulnerabilities and exploitation opportunities that inform mitigation strategies and secure design.
Qualifications
7+ years of professional work experience in the cybersecurity industry with Bachelor s degree or equivalent work experience.
Understanding of all phases of adversary emulation operations, including reconnaissance, social engineering, exploitation, post-exploitation, covert techniques, lateral movement, and data exfiltration.
Extensive experience in offensive cybersecurity roles, such as red teaming, penetration testing (e.g., web, infrastructure, cloud), and purple team exercises across cloud and on-prem environments.
Robust understanding of contemporary security theory, application exploitation techniques, and attack vectors, including the vulnerability lifecycle and scanning methodologies (SAST, DAST, IAST, RASP).
Experience developing and managing testing methodologies that adhere to common security guidelines such as OWASP and frameworks such as NIST 800 or MITRE ATT&CK.
Solid understanding of computer architecture and organization with respect to binary analysis and exploitation.
Ability to analyze, create, and debug shellcode and other low-level exploits.
Experience developing custom security software (offensive or defensive) in one or more compiled languages.
Demonstrated ability to reverse engineer binaries, enumerate vulnerabilities in compiled software, and provide working exploits (e.g., CVEs, public acknowledgements, or the ability to demonstrate on demand).
Familiarity with automated security analysis and fuzzing tools (e.g., AFL and Peach).
Demonstrated ability to discover vulnerabilities via static analysis and source code review.
Working understanding of key programming languages and frameworks (e.g., Java, Node.js, Python, JSP, including the ability to quickly learn new languages, understand their security implications, and enumerate vulnerabilities in custom-developed software packages.
Familiarity with scripting and programming in Python, PowerShell, or C#, with the ability to create and customize tools.