The individual should have ample knowledge and love for information security, excellent written and verbal communication skills, as well as ability to be organized and detail-oriented, to work in a team in which technical excellence is the primary requirement.
Responsibilities include the following:
- Vulnerability Research (identifying classes of vulnerabilities and writing proof of concept code)
- Impact Analysis and Mitigation guidance (for important findings by other teams in hard to patch areas)
- Automation and research guidance (to identify and map new high-priority objectives)
- Develop robust counter measures and mitigations.
This role requires maintaining substantial knowledge of state-of-the-art security principles, theories, and attacks, with lots of hands-on expectations in order to contribute those insights to internal and external stakeholders. Participation in development of intellectual property is also expected.
Minimum work experience requirements:
- 7+ years of experience (or equivalent) in the field of system security research, and exploring software + hardware techniques as a method of attack against targets within computing systems.
- In-depth experience with vulnerability research
- Demonstrated expertise in exploit development (published exploits and write-ups on exploiting new classes of issues, new techniques, tools are greatly appreciated)
- Reverse Engineering experience (or, for researchers focused on open-source software, demonstrated expertise on reading assembly and writing exploits for complex vulnerability classes)
- Knowledge of computer architecture, CPU, SoC, chipsets, BIOS, Firmware, Drivers, and other compute paradigms
The ideal candidate should also have:
- Ability to work autonomously in a less structured startup type environment with minimal supervision
- Ability to span security expertise over HW, SW and Firmware domains
- Passion for security research and community impact, demonstrated by published research and collaboration to community efforts (yes, Phrack and PoC || GTFO papers are appreciated more than certifications)