Senior Specialist, Security Research Engineer

This is a fully remote position, open to applicants in District of Columbia, +1 more state.

📋 Description

• Identifying vulnerabilities in widely-used software deployed on the Internet and/or the software or firmware of popular devices.

• Developing exploits for vulnerabilities found either independently or by your team.

• Leading the technical team's deliverables to ensure measurable outcomes for the organization.

• Providing training, management, and mentorship to team members at all levels.

• Engaging regularly with managers and customer-facing teams to address inquiries related to technical work.

• Capability to acquire and maintain a security clearance.

• Actively participating in cross-team projects as necessary.

⛳️ Requirements

• Bachelor’s Degree with at least 6 years of relevant experience.

• Graduate Degree with a minimum of 4 years of related experience.

• In the absence of a degree, a minimum of 10 years of related experience is required.

• Over 5 years of experience in Vulnerability Research, reverse engineering, and bug-hunting.

• Proficiency in static and dynamic binary analysis.

• Familiarity with iOS, Android, Windows, Linux, or embedded systems, including kernel, user land, and browser internals.

• Experience with prevalent tools in security research (e.g., IdaPro, Ghidra, Radare, Binary Ninja, AFL, SysInternals, GDB, WinDBG, etc.).

• Knowledge of common programming languages (e.g., C/C++, Python, Swift, etc.).

• Understanding of various architectures (e.g., x86/64, ARM, AARCH64, MIPS, PowerPC, TILEGX, etc.).

• Experience with contemporary security system features, exploit mitigations, and evasion techniques (e.g., bypassing ASLR, DEP, Control Flow Guard, ROP, evading security products/AV, etc.).

• Familiarity with a broad range of modern exploitation concepts and techniques.

• Background in Computer Network Operations / Computer Network Exploitation.

• Experience with symbolic execution and emulation tools (e.g., QEMU, Corellium, VHDL, etc.).

• Knowledge of cryptography (e.g., side-channel attacks, implementing AES, etc.).

• Experience in teaching and mentoring junior vulnerability researchers.

• Experience in bespoke fuzzer development.

🏝️ Benefits

• Health and disability insurance.

• 401(k) matching.

• Flexible spending accounts.

• Employee Assistance Program (EAP).

• Education assistance.

• Parental leave.

• Paid time off.

• Company-paid holidays.