Vulnerability Researcher Job Description
Vulnerability Researcher Duties & Responsibilities
To write an effective vulnerability researcher job description, begin by listing detailed duties, responsibilities and expectations. We have included vulnerability researcher job description templates that you can modify and use.
Sample responsibilities for this position include:
Vulnerability Researcher Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Vulnerability Researcher
List any licenses or certifications required by the position: GPEN, GCIH, CISSP
Education for Vulnerability Researcher
Typically a job would require a certain level of education.
Employers hiring for the vulnerability researcher job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Computer Engineering, Education, Software Engineering, Math, Electrical Engineering, Computer, Engineering, Technology, Information Security
Skills for Vulnerability Researcher
Desired skills for vulnerability researcher include:
Desired experience for vulnerability researcher includes:
Vulnerability Researcher Examples
Vulnerability Researcher Job Description
- Being self-motivated and communicative while working on complex, distributed enterprise-level CNO systems
- Participating in and contributing to an agile development model, supporting the team positively, and improving/establishing processes
- Being able to identify, creatively troubleshoot, and solve issues as they arise with a can-do, get-it-done attitude
- Excel at organization, prioritization, and communication of efforts between teams
- Seek out and discover ways to automate common tasks and author fail-faster approaches while testing solutions and new ideas
- Actively document efforts as you go (code/Wiki) with the goal of assisting others in learning from and maintaining your efforts
- Working closely with our dedicated quality assurance team, ensuring a solid product is delivered on time, every time
- Actively learn about and improve on CNO architectures and grow with the team and mission, with the aim of becoming an expert yourself
- Provide thoughtful and innovative ideas for additional research and development projects
- Write vulnerability checks for our vulnerability scanning technology
- A detailed understanding of Information Security attacks and defenses
- Experience with disassemblers / debuggers – (e.g., IDA Pro, GDB, Windbg)
- 2 years over all applicable experience
- Experience with debugger tools like WinDbg, OllyDbg, IDA Pro
- Experience in reverse engineering and binary auditing
- Knowledge of common file format
Vulnerability Researcher Job Description
- Implement frameworks for existing network protocols
- Maintain the vulnerability scan engine and extending its feature set
- Write clear and concise definitions of vulnerabilities and remediation
- Research, reverse software to find new security vulnerabilities
- Write vulnerability checks for our scanning technology to detect presence of vulnerabilities locally or remotely
- Research and reverse engineer software to find new security vulnerabilities
- Demonstrates awareness of deliverables and their role within the project plan
- Contribute to Internal Research and Development (IRAD) studies and may lead small IRAD tasks
- Collaborate with the Cyber Innovations Team to improve vulnerability research (VR) tools, reverse engineering (RE) tools, and testing tools for a variety of platforms to include Windows, Linux, Android, iOS, embedded, and IoT devices
- Work with internal stakeholders to support preparation of presentations and reports and may be called on to respond to questions regarding assigned tasks
- Empowered to make a difference in cyber security
- Ability to work under minimal direction and to take on additional tasks as required
- Bachelor or Master of Computer Science or Electrical/Computer Engineering or equivalent degree
- Experience extracting and analyzing firmware from hardware devices
- Vulnerability research knowledge
- Experience with Objective C, C++ or Swift
Vulnerability Researcher Job Description
- Utilizes understanding of project plan to ensure identified tasking aligns with deliverable and guides staff to meet deliverables
- Works with internal and external clients and partners
- Conceptualizes, leads and supports multiple Internal Research and Development (IRAD) projects
- Leads collaboration efforts including brainstorming on complex technical issues
- Manages small scale proposals or major sections of large proposals, and serves as a key contributor during win theme meetings and red team reviews
- Lead the task of evaluating the existing capabilities
- Interface heavily with customers to understand their needs, align with their roadmaps, and sell our capabilities
- Develop the architecture and implementation plan
- Serve as a member of our Technical Council to ensure coherency with our current IRAD
- Lead technical development and cultivate technical leaders to execute plan
- Individuals must be a U.S. Citizen and either hold an active US Security Clearance or must be eligible to obtain a US Security Clearance
- Familiar with software vulnerabilities
- Understanding of Mac Internals
- Knowledge of iOS security components (entitlements, sandboxing, code signing)
- Knowledge of Apple’s kernel subsystems (IOKit, Mach, BSD)
- Knowledge of Apple’s userspace design (Mach Messaging, framework, shared cache)
Vulnerability Researcher Job Description
- Share vulnerability intelligence with other security teams including threat intelligence, security operations, threat hunting, and risk management
- Continuously improve and mature research and reporting processes
- Analyze vulnerabilities and provide suggestion for NIPS signature creation/improvement
- Fix NIPS signature bug and handle customer escalation/query
- Help in NIPS product open test
- Support 0day emergency response
- Do advance security research project and product feature innovation
- Analyzing mobile devices to understand how they work and how they behave when broken
- Developing and defeating advanced security techniques
- Working in small teams in close coordination with customers
- Knowledge of iOS Jailbreaks
- Knowledge of iOS Secure Boot Chain
- Knowledge of ARMv8 64-bit
- Deep understanding of Android Internals
- Knowledge of common vulnerability classes (Overflows, Use after free, Race conditions)
- Chrome internals
Vulnerability Researcher Job Description
- Analyzing software
- Maintain near real-time awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis)
- Maintain awareness of vulnerability information, complexity to exploit, and exploit availability or feasibility to create an exploit
- Identify updates for any software asset that have even the appearance of a quietly patched security defect
- Track private vulnerabilities (internal discovery, or nonpublished)
- Map vulnerability inventory to asset inventory
- Determine asset susceptibility by technical means when (e.g., analyzing code execution flow), usage and asset configuration
- Recalculating priority for risks that decrease due to exploitability limitations and threats
- Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to a level acceptable
- Ability to prioritize vulnerabilities based on potential risks
- Familiarity with Webkit, V8, and Chrome IPC internals
- Android native code (Binder, JNI)
- Understanding of Bionic
- Knowledge of Android kernel subsystems (binder, ashmem, drivers)
- Knowledge of Android vendor security implementations
- Knowledge of ARMv8a 64-bit