Expert Vulnerability Researcher

Entreprise: Request Technology - Robyn Honquest
Type d'emploi: Temps plein
Salaire: 180 000 USD/par an


Expert CRM Architect Vulnerability Researcher

Salary: $180k flex plus 20% bonus

Location: 100% remote

vulnerability assessments vulnerability researcher manual & automated source code review binary analysis threat modelling web applications APIs cloud infrastructure provides detailed reports with proof of vulnerabilities offensive cyber red teaming penetration testing.

The Expert Vulnerability Researcher is responsible for analysing systems, software, and security strategies to discover previously unknown vulnerabilities to proactively identify and mitigate emerging threats. This is accomplished by performing manual and automated source code review, binary analysis, vulnerability assessments, threat modelling, and security architecture review. This role requires research into the latest threat actors, attack vectors, and the offensive security techniques. Development of custom tooling and automation will be required to supplement manual vulnerability discovery.

Essential Duties:

  • Performs vulnerability assessments using industry best practices on various environments, including web applications, APIs, and cloud infrastructure
  • Develops and manages testing methodologies that adhere to common security guidelines and NIST standards
  • Conducts an evaluation of cloud security configurations, identifies prevalent vulnerabilities in cloud security controls, and improves and maintains cloud testing standards
  • Provides detailed reports with proof of vulnerabilities, guidance, and advice to support customer teams through vulnerability remediation
  • Develops and communicates comprehensive and accurate reports and presentations for client stakeholders including technical staff and executive leadership
  • Maintains communication with management regarding development within assigned responsibilities and performs special projects as required
  • Researches and develops innovative techniques, tools, and methodologies for vulnerability research and red team activities
  • Exercises thought leadership in the development and execution of security threats and malicious actors
  • Develops leadership-level communications, including management specific metrics, white papers, procedures, thought position papers, etc.
  • This list is not all-inclusive, and you are expected to perform other cybersecurity-congruent duties as requested or assigned

Experience and Education:

  • 7+ years of work experience in the Cyber Security industry
  • Bachelor's Degree
  • Extensive experience in offensive cybersecurity roles, such as red teaming, penetration testing (eg, web, infrastructure, cloud), purple team exercises in cloud and on-prem environments
  • A robust understanding of contemporary security theory and application exploitation techniques and attack vectors (including the vulnerability life cycle and scanning methodologies (SAST, DAST, IAST, RASP)
  • Experience developing and managing testing methodologies that adhere to common security guidelines such as OWASP and frameworks such NIST 800 or MITRE ATT&CK
  • A solid understanding of computer architecture and organization with respect to binary analysis and exploitation
  • Ability to analyze, create, and debug shellcode and other low-level exploits
  • Experience developing custom security (either offensive or defensive) software in one or more compiled languages
  • Demonstrated abilities to reverse engineer binaries, enumerate vulnerabilities in compiled software, and provide working exploits (eg, CVEs, public acknowledgements, or ability to demonstrate on demand)
  • Familiarity with automated security analysis and fuzzing tools (eg, AFL and Peach)
  • Demonstrated ability to discover vulnerabilities via static analysis and source code review
  • A working understanding of key programming languages and frameworks (eg, Java, Node.js, Python, JSP, etc.), including the ability to pick up new languages quickly, understand the security implications of those languages, and enumerate vulnerabilities in custom-developed software packages that leverage those languages
  • Familiarity with Scripting/programming of Python, PowerShell, or C# with the ability to create and customize tools
  • Excellent written and verbal communication skills (technical writing, documentation development, process mapping, and visualization)
  • Must be able to communicate technical concepts to technical and non-technical audiences effectively and communicate well with people in various positions, roles, and levels.
  • Strong analytical and problem-solving skills; ability to examine issues strategically and analytically
  • Ability to interact well with co-workers and outside contacts; ability to work collaboratively in a team environment
  • Ability to work on multiple, simultaneous initiatives and prioritize workload to meet commitments
  • Self-motivated with a strong sense of urgency with an adaptive mindset and a demonstrated propensity to learn quickly