Has a strong track record of working with engineering and product teams on assessing applications against security standards, conducting risk-based assessments of application security practices, designing secure systems, and driving security by building close working partnerships with Product and Engineering professionals.
- 5+ Years' experience in Security Research, Web-Application & Network Penetration Testing or adjacent fields.
- Deep knowledge of the cyber security threat landscape, attacker mind-set and trends.
- Understand and apply attack and penetration concepts including the attack surface; identification of system software and configuration vulnerabilities and critical information, data and processes that must be protected.
- Software development experience/proficiency in multiple languages, mainly C/C++ and other object-oriented platforms. Experience with scripting languages such as Python/Perl/Ruby.
- Operating System internals: PE, ELF, kernel, processes, networking, and hypervisors.
- Experience with reverse engineering tools (e.g. disassemblers, debuggers, instrumentation frameworks, etc.).
- Basic understanding of concepts in vulnerability research: Shell code, ROP, ASLR, exploit types, and heap manipulation.
- An understanding of fault injection and side channel attacks
- An understanding of past, current, and emerging security exploit types
- Reverse engineering capabilities + working knowledge in IDA
- Familiarity with secure bootloaders
- Team player with good interpersonal skills
- Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or equivalent experience
$75K <= $100K <= $126K