Vulnerability Researcher I/II (Cyber254)

WHAT YOU WILL BE DOING

• Conducting in-depth reverse engineering and vulnerability analysis across various architectures and platforms, including x86/64, ARM, PowerPC, and more
• Researching and analyzing operating system and application internals, identifying and understanding security strengths and weaknesses of those systems
• Developing and enhancing functionality by adding features and capabilities to undocumented interfaces
• Modeling and analyzing in-memory compiled application behavior to identify potential vulnerabilities and improve security measures
• Developing and understanding mobile/embedded systems and kernel modules, particularly related to vulnerability research
• Participating actively in our extensive Vulnerability Research mentorship program, sharing knowledge and collaborating with colleagues

WHAT YOU HAVE DONE

• Proficient understanding of wireless networking and associated security protocols, such as Wi-Fi (802.11), Bluetooth, or cellular networks (2G/3G/4G/5G). Familiarity with common vulnerabilities and attack vectors in wireless communication
• Strong grasp of legacy exploit mitigations and bypass techniques, including but not limited to Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP/NX), Stack Cookies (Canaries), and Control Flow Integrity (CFI). Experience in identifying and circumventing these security measures
• In-depth knowledge of both security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.). Understanding the security implications and potential vulnerabilities associated with these concepts
• Programming experience with both scripted languages (preferably Python3) and compiled languages (preferably C). Ability to write efficient and secure code for vulnerability research and exploit development purposes
• Familiarity with low-level architectures such as x86, ARM, or MIPS. Understanding the underlying principles, instruction sets, and memory models of these architectures for vulnerability identification and analysis
• Experience with operating system internals and implementations, including Windows, Linux, or macOS. Knowledge of system structures, process management, memory management, and security mechanisms at the kernel level
• Excellent oral, written, and interpersonal communication skills, with the ability to effectively convey complex technical concepts and interact with customers and team members alike

EVEN BETTER

• Experience with vulnerability research and reverse engineering of real-time operating systems (RTOS), such as FreeRTOS, QNX, or VxWorks. Understanding the unique security challenges and attack vectors specific to RTOS environments
• Bachelor's or postgraduate degree in Computer Science, Computer Engineering, or a related field
• Experience with software protection and binary armoring techniques, such as anti-debugging, code obfuscation, or tamper resistance. Understanding the methods employed to protect software from reverse engineering and vulnerability discovery
• Proficiency in agile development methodologies, including Scrum or Kanban, for efficient collaboration and iterative development in a cybersecurity context
• Familiarity with low-level iOS/Android development and associated security considerations, such as jailbreaking or rooting, application sandboxing, or secure interprocess communication (IPC)
• Knowledge of hypervisors and their security implications, including virtualization-based security, guest escape vulnerabilities, or hypervisor-based rootkits
• Proficiency in malware analysis, including static and dynamic analysis techniques, behavioral analysis, and code deobfuscation. Experience in identifying and analyzing malware samples to understand their capabilities and potential vulnerabilities
• Experience with constraint solving techniques, such as symbolic execution, theorem proving, or model checking, for vulnerability identification, verification, and exploit generation
• Background in machine learning, particularly in the context of vulnerability analysis and detection, such as using ML techniques to identify patterns in code or analyze network traffic for anomaly detection