Vulnerability Researcher Job Description
Vulnerability researcher
provides subject matter expertise in offensive security for cyber defenders, remediation teams, and ITD teams.
Vulnerability Researcher Duties & Responsibilities
To write an effective vulnerability researcher job description, begin by listing detailed duties, responsibilities and expectations. We have included vulnerability researcher job description templates that you can modify and use.
Sample responsibilities for this position include:
Work with a team of vulnerability researchers to analyze a complex system (multi server, networking devices, applications, protocols, etc) to identify ways an intruder may obtain remote access
Develop programs/scripts for automation and fuzzing
Perform 0-day research on hardware and software
Develop attacking tools that will be used by the Red Team
Audit source code, reverse engineer, and/or develop fuzzers to identify vulnerabilities in software applications running on the systems
Upon vulnerability discovery, develop proof of concept exploits that demonstrate remote code execution
Research and develop security bypass techniques
Use tools such as gcc/clang, gdb, IDA Pro, Hex Rays decompiler, Jet Brains IDEs, git, Jira, Confluence, Crucible, Jenkins, and VMware vSphere
Develop and/or support development of system documentation (requirements analysis, testing procedures, configuration management, user guides)
Perform leading edge Exploit and Vulnerability research, analysis (data-mining) and generate content for use in our products
Vulnerability Researcher Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Vulnerability Researcher
List any licenses or certifications required by the position: GPEN, GCIH, CISSP
Education for Vulnerability Researcher
Typically a job would require a certain level of education.
Employers hiring for the vulnerability researcher job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Computer Engineering, Education, Software Engineering, Math, Electrical Engineering, Computer, Engineering, Technology, Information Security
Skills for Vulnerability Researcher
Desired skills for vulnerability researcher include:
Assembly
Networking
Boot procedures
Compilers
Device drivers
Evolving trends in offensive and defensive cyber tools
File systems
Kernel debugging
Memory management techniques
Microsoft Windows internals
Desired experience for vulnerability researcher includes:
Applicants with the appropriate skills but without a security clearance are still encouraged to apply
Applicants will be subject to a government security background investigation
Expertise in scripting languages (e.g., Python or Ruby)
Highly knowledgeable in Information Security attack and defense
Proficiency with disassemblers / debuggers – (e.g., IDA Pro, GDB, Windbg)
Proficiency in scripting languages (e.g., Python or Ruby)
Vulnerability Researcher Examples
1
Vulnerability Researcher Job Description
Job Description Example
Our growing company is searching for experienced candidates for the position of vulnerability researcher. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for vulnerability researcher
- Being self-motivated and communicative while working on complex, distributed enterprise-level CNO systems
- Participating in and contributing to an agile development model, supporting the team positively, and improving/establishing processes
- Being able to identify, creatively troubleshoot, and solve issues as they arise with a can-do, get-it-done attitude
- Excel at organization, prioritization, and communication of efforts between teams
- Seek out and discover ways to automate common tasks and author fail-faster approaches while testing solutions and new ideas
- Actively document efforts as you go (code/Wiki) with the goal of assisting others in learning from and maintaining your efforts
- Working closely with our dedicated quality assurance team, ensuring a solid product is delivered on time, every time
- Actively learn about and improve on CNO architectures and grow with the team and mission, with the aim of becoming an expert yourself
- Provide thoughtful and innovative ideas for additional research and development projects
- Write vulnerability checks for our vulnerability scanning technology
Qualifications for vulnerability researcher
- A detailed understanding of Information Security attacks and defenses
- Experience with disassemblers / debuggers – (e.g., IDA Pro, GDB, Windbg)
- 2 years over all applicable experience
- Experience with debugger tools like WinDbg, OllyDbg, IDA Pro
- Experience in reverse engineering and binary auditing
- Knowledge of common file format
2
Vulnerability Researcher Job Description
Job Description Example
Our growing company is looking to fill the role of vulnerability researcher. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for vulnerability researcher
- Implement frameworks for existing network protocols
- Maintain the vulnerability scan engine and extending its feature set
- Write clear and concise definitions of vulnerabilities and remediation
- Research, reverse software to find new security vulnerabilities
- Write vulnerability checks for our scanning technology to detect presence of vulnerabilities locally or remotely
- Research and reverse engineer software to find new security vulnerabilities
- Demonstrates awareness of deliverables and their role within the project plan
- Contribute to Internal Research and Development (IRAD) studies and may lead small IRAD tasks
- Collaborate with the Cyber Innovations Team to improve vulnerability research (VR) tools, reverse engineering (RE) tools, and testing tools for a variety of platforms to include Windows, Linux, Android, iOS, embedded, and IoT devices
- Work with internal stakeholders to support preparation of presentations and reports and may be called on to respond to questions regarding assigned tasks
Qualifications for vulnerability researcher
- Empowered to make a difference in cyber security
- Ability to work under minimal direction and to take on additional tasks as required
- Bachelor or Master of Computer Science or Electrical/Computer Engineering or equivalent degree
- Experience extracting and analyzing firmware from hardware devices
- Vulnerability research knowledge
- Experience with Objective C, C++ or Swift
3
Vulnerability Researcher Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of vulnerability researcher. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for vulnerability researcher
- Utilizes understanding of project plan to ensure identified tasking aligns with deliverable and guides staff to meet deliverables
- Works with internal and external clients and partners
- Conceptualizes, leads and supports multiple Internal Research and Development (IRAD) projects
- Leads collaboration efforts including brainstorming on complex technical issues
- Manages small scale proposals or major sections of large proposals, and serves as a key contributor during win theme meetings and red team reviews
- Lead the task of evaluating the existing capabilities
- Interface heavily with customers to understand their needs, align with their roadmaps, and sell our capabilities
- Develop the architecture and implementation plan
- Serve as a member of our Technical Council to ensure coherency with our current IRAD
- Lead technical development and cultivate technical leaders to execute plan
Qualifications for vulnerability researcher
- Individuals must be a U.S. Citizen and either hold an active US Security Clearance or must be eligible to obtain a US Security Clearance
- Familiar with software vulnerabilities
- Understanding of Mac Internals
- Knowledge of iOS security components (entitlements, sandboxing, code signing)
- Knowledge of Apple’s kernel subsystems (IOKit, Mach, BSD)
- Knowledge of Apple’s userspace design (Mach Messaging, framework, shared cache)
4
Vulnerability Researcher Job Description
Job Description Example
Our innovative and growing company is looking for a vulnerability researcher. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for vulnerability researcher
- Share vulnerability intelligence with other security teams including threat intelligence, security operations, threat hunting, and risk management
- Continuously improve and mature research and reporting processes
- Analyze vulnerabilities and provide suggestion for NIPS signature creation/improvement
- Fix NIPS signature bug and handle customer escalation/query
- Help in NIPS product open test
- Support 0day emergency response
- Do advance security research project and product feature innovation
- Analyzing mobile devices to understand how they work and how they behave when broken
- Developing and defeating advanced security techniques
- Working in small teams in close coordination with customers
Qualifications for vulnerability researcher
- Knowledge of iOS Jailbreaks
- Knowledge of iOS Secure Boot Chain
- Knowledge of ARMv8 64-bit
- Deep understanding of Android Internals
- Knowledge of common vulnerability classes (Overflows, Use after free, Race conditions)
- Chrome internals
5
Vulnerability Researcher Job Description
Job Description Example
Our company is looking for a vulnerability researcher. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for vulnerability researcher
- Analyzing software
- Maintain near real-time awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis)
- Maintain awareness of vulnerability information, complexity to exploit, and exploit availability or feasibility to create an exploit
- Identify updates for any software asset that have even the appearance of a quietly patched security defect
- Track private vulnerabilities (internal discovery, or nonpublished)
- Map vulnerability inventory to asset inventory
- Determine asset susceptibility by technical means when (e.g., analyzing code execution flow), usage and asset configuration
- Recalculating priority for risks that decrease due to exploitability limitations and threats
- Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to a level acceptable
- Ability to prioritize vulnerabilities based on potential risks
Qualifications for vulnerability researcher
- Familiarity with Webkit, V8, and Chrome IPC internals
- Android native code (Binder, JNI)
- Understanding of Bionic
- Knowledge of Android kernel subsystems (binder, ashmem, drivers)
- Knowledge of Android vendor security implementations
- Knowledge of ARMv8a 64-bit