06 Feb Principal Vulnerability Security Researcher
Posted at 19:30h
in
Permanent
Dubai
Posted 5 years ago
Role
As a Principal Vulnerability Security Researcher, you will: Lead large security projects and analyze complex applications to understand how they work, where they have weaknesses and demonstrate how identified vulnerabilities can be exploited by developing Proof-of-Concepts.
Responsibilities
- Conduct research on new techniques, security mitigation and identify zero-day vulnerabilities
- Produce security advisories to vendors, write technical blog posts, present at conferences and create white papers
- Deliver security reports by performing security audits
- Mentor and coach colleagues in your area of expertise
- Nurture relationships with clients
- Improve testing methodologies
- Develop security tools
- Be a valued member in a great team of security experts and work in a lab environment
- Expert in reverse engineering, vulnerability discovery, triaging, mitigation and exploitation
- Excellent knowledge of system internals including kernel architecture and memory management
- Experienced with fuzzing frameworks, such as: AFL, WinAFL, ClusterFuzz, LibFuzzer and Honggfuzz
- Extensive experience in vulnerability analysis, patch analysis and determining exploitability using tools like: WinDBG, IDA Pro, Radare2, GDB and Binary Ninja
- Substantial knowledge of dynamic tools that detect bugs during project execution: AddressSanitizer, Valgrind, VTrace, pydbg and pykd
- In-depth knowledge of dynamic binary translation and tool development using frameworks such as DynamoRIO, PIN and DynIns
- Expertise in one or more programming languages
- Experience working with secure coding methodology, best practices and their implementation within engineering teams
- Proven participation in disclosure of vulnerabilities, blog, capture the flag events, conference presentations and bug bounty programs would be an advantage
- Strong foundations in computer architecture, network, web technologies, Operating Systems or embedded systems
- Excellent written and verbal communication skills; including the ability to convey highly technical information to non-technical audiences
Job Features
Job Category | Technology |
Qualification | Degree in computer science, computer engineering, electrical engineering or obtained relevant security certifications |
Experience | 10+ years in professional vulnerability research |
Skills | Excellent communication. Ability to get on with people at all levels and influence them. Strong problem-solving and creative skills. Ability to stay calm under pressure and keep to deadlines. Possess strong negotiation techniques. Teamworking and Leadership skills |
Proficiency | Expertise in one or more programming languages |