Security Researcher Job Description

A security researcher provides static and dynamic analysis of simple threats, including infection, propagation, lateral movement, exploitation PoCs, etc.

Security Researcher Duties & Responsibilities

To write an effective security researcher job description, begin by listing detailed duties, responsibilities and expectations. We have included security researcher job description templates that you can modify and use.

Sample responsibilities for this position include:

Leading new technology integration via requirements analysis, design, and implementation
Lead the translation of context research findings into actionable foundational insights and opportunity areas
Research the advanced threat landscape to enhance the team’s threat intelligence
Provide comprehensive detection coverage for all in-the-wild threats using threat intelligence
Prototype, implement and extend backend tools and systems to automate or improve the exploit identification, analysis and detection process
Build and use automation and the cloud to scale-out impact
Exploit analysis and advanced malware reversing
Develop and design innovative cyber security solutions for unique and complex technologies
Work in partnership with government agencies, leading industry experts, and academia
Supervise external penetration tests (analysis of the results, vendor selection)

Security Researcher Qualifications

Qualifications for a job description may include education, certification, and experience.

Licensing or Certifications for Security Researcher

List any licenses or certifications required by the position: CISSP, GIAC, CEH, SSCP, CISA, OSCP, GTFO, CISM, SANS, MCP

Education for Security Researcher

Typically a job would require a certain level of education.

Employers hiring for the security researcher job most commonly prefer that candidates have a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Engineering, Computer Engineering, Information Security, Electrical Engineering, Technical, Mathematics, Education, Computer, Graduate

Skills for Security Researcher

Desired skills for security researcher include:

HTTP
DNS
Cryptography
SMTP
ARM
Basic exploitation techniques
MIPS
PowerPC
x86_64
COFF/PE/ELF binary formats

Desired experience for security researcher includes:

Experience developing tools for malicious code analysis, network traffic analysis and the detection of malicious code on endpoint systems is a strong plus
Performing vulnerability and exploit research and analysis
Thorough knowledge of information security components, principles, practices, and procedures
Demonstrable understanding of and facility with secondary / context research, data mining, market / user research, a range of qualitative and quantitative research methods, insight generation, and the types of resources used to extract information
Team player with the ability to work autonomously in a fast-paced, dynamic environment
5+ years of experience in reverse engineering of different types of exploit/malware

Security Researcher Examples

1

Security Researcher Job Description

Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of security researcher. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for security researcher
  • Reverse-engineer malware samples to identify malware communication methods and analyze malware network traffic to develop Snort signatures
  • Produce documentation describing malware behaviour and detection strategies
  • Communicate research results to customers, team members, and management
  • Collaborate with team members to improve the analysis and response process
  • Monitor security industry publications, newsgroups and press releases to identify new malware attacking methods
  • Analyse complex problems and share creative and innovative solutions to cyber security or internal stakeholders’ issues
  • Generate datasets based on threat/malware analysis to ensure successful detection of those for demonstrating advanced detection concepts
  • Knowledge sharing with other team members and externally through blogs, security conferences, presentations
  • Develop and apply emerging machine learning techniques for novel security usages such as antimalware, anomaly detection, authentication, access control, and event management
  • Be involved in the full lifecycle of machine learning solution from receipt of data to final model evaluation
Qualifications for security researcher
  • At least 2 years of experience with Security Research is a must
  • Past publication of academic/industrial security research papers, and security advisories
  • Past speaking at security conferences is a huge advantage
  • At least 1 year experience in SQL Server and advanced SQL querying
  • At least 1 year experience in Microsoft Access
  • Basic knowledge of industry security standards
2

Security Researcher Job Description

Job Description Example
Our growing company is hiring for a security researcher. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for security researcher
  • Lead proposal development, organizing contributions from varied stakeholders (in other words, be the PI for projects)
  • Discover and mitigate vulnerabilities in sensitive Critical Infrastructure
  • Maintain expert knowledge of forensics and incident response practices and of advanced persistent threat tools, techniques, and procedures (TTPs)
  • Develop a cutting edge fuzzer
  • Conduct research on the latest threat landscape to provide insights in how to advance the malware detection capability of the VMW platform
  • Work closely with product and engineering leadership to incorporate your research findings on the threat landscape into the product roadmap
  • Be a primary interface to the virtual machine monitor (VMM) team to help design/prototype/evaluate new hypervisor features that improve our malware detection capability
  • Work closely with our engineers to deliver detection and prevention mechanisms
  • Leverage ASERT’s internet-scale malware processing and sensor infrastructure to identify coverage gaps and emerging threats with a focus on DDoS malware and IoT-based bots
  • Perform in-depth analysis of DDoS and IoT-based malware to identify capabilities, threat potential, emerging trends, and interrelationships with other malware
Qualifications for security researcher
  • Researching targeted threat groups and their tactics, techniques and procedures (TTP)
  • Basic knowledge of and experience with IPS/IDS technologies and concepts
  • Basic experience with UNIX/Windows operating systems
  • Basic knowledge of penetration testing tools (Kali Linux, Metasploit, Nmap, netcat)
  • Understanding of software exploitation and common vulnerabilities is a plus
  • Drive closure of technical issues
3

Security Researcher Job Description

Job Description Example
Our growing company is hiring for a security researcher. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for security researcher
  • Correlate malware, sensor, and attack data to draw conclusions regarding attack campaigns and capacities
  • Develop custom code based on malware analysis to create interactive honeypots, enhance sensor capabilities, infiltrate botnets, extract indicators, collect malware samples, and source a high-fidelity threat feed
  • Specify mitigation strategies to defend against DDoS attacks and malware propagation
  • Participate in real-time mitigation and information sharing efforts
  • Produce rapid-response threat advisories and blog posts related to research findings
  • Rapidly perform any of the above activities in high-pressure situations in response to global, large-scale Internet outages
  • Present research internally and at conferences
  • Identify and implement new technologies and methods for identifying and tracking DDoS and IoT-based botnets
  • Serve as a subject matter expert for prestige media inquiries regarding high-profile attacks
  • Cultivate relationships with other security researchers, trust groups, and trusted partners
Qualifications for security researcher
  • BA/BS in engineering/computer science or acceptable combination of education and experience required
  • Able to present complex issues with clarity to drive decisions
  • At least 6 months of experience in Computer Security research
  • At least 6 months of experience developing software with C++, C, or Java, with some exposure to either system level programming
  • At least one security-related publication in a peer-reviewed conference proceedings or journal
  • Familiarity with legacy and evolving exploit techniques such as buffer/stack overflow, heap spray, use-after-free (UAF), and Return/Call/Jump-Oriented Programming (ROP/COP/JOP)
4

Security Researcher Job Description

Job Description Example
Our growing company is searching for experienced candidates for the position of security researcher. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for security researcher
  • Targeted Threat Research
  • Analyzing community research and generating organic research on the modern threat environment to enterprises and customers
  • Working with team members such as Data Scientists and Engineers to develop effective analytics and mitigations for advanced threats
  • Lead threat model reviews and provide alternative perspective on potential security concerns
  • Conduct wide range of internal security assessments using architecture and threat model documents to identify and exploit product security flaws before public release
  • Act as liaison between external penetration testing firms and internal product teams to ensure low friction, high value external engagements
  • Assist product teams in remediation efforts by clarifying finding details and identifying best practice fixes or mitigations
  • Participate in working groups to evaluate and refine secure development lifecycle strategies and procedures
  • Evaluate existing automated security scanning tools, or develop when practical, to identify vulnerabilities in continuous test environment to eliminate potential of repeat findings over multiple tests
  • Design and present developer security education
Qualifications for security researcher
  • Master's degree in a quantitative discipline (Computer Science, Mathematics, Statistics) + 15 years of experience
  • Familiarity with software techniques for exploit prevention via Operating systems, Compilers, Virtualization
  • Minimum 1 year of experience with security technologies
  • Being able to switch between contexts
  • Minimum 5 years of experience with hardware and/or software testing and tools, low-level debug
  • Proficiency in at least one systems programming language
5

Security Researcher Job Description

Job Description Example
Our company is growing rapidly and is looking to fill the role of security researcher. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for security researcher
  • Write and present detailed reports with findings and remediation recommendations, with both technical and non-technical staff as audience
  • Partner with business IT security teams to drive improvement in IT security as a result of Cyber Security Research engagements
  • Executing engagements
  • Participate in cross-team Task Forces to drive impact of Cyber Security Research findings as appropriate
  • Develop and maintain content for third party testing including application identification and threat detection
  • Research testing results and trigger data of IPS and APP-ID signatures
  • Research the root cause of publicly disclosed vulnerabilities and develop IPS detection logic
  • Program on Linux and Windows systems for creative projects to improve next-generation security technology
  • Identify flaws and vulnerabilities in complex secure systems
  • Reverse engineering and white box SW analysis
Qualifications for security researcher
  • Identify new and ambitious research challenges, define research projects to address these challenges, and lead the execution of these projects with other researchers
  • Conduct experimentations, produce prototypes and proof-of-concepts
  • Mentor junior members and PhD interns
  • Minimum 2 years of experience in at least two programming languages, including a scripting language, and ideally including a functional language
  • Currently enrolled in a Bachelor’s, Master’s or PhD degree program in Computer Science, Computer Engineering, or related technical discipline with a focus on software development, with graduation dates starting December 2017 and onward
  • Familiarity with sensor data security research
