A Vulnerability Research Engineer is a person who is part of a research team. The research team in in turn responsible for research and analysis of new exploits.
- An extensive knowledge of C/C++, python, assembly language or additional scripting and programming languages.
- An Master of Science of Bachelor of Science degree in Computer Science.
- Some companies require at least one of two years of experience within the industry.
- Some companies require specific experience with system security and/or de-bugging experience in C (Unix and/or Windows environments).
- Relevant experience involving WinDbg or OllyDbg, BinDiff and IDA Pro.
- In-depth knowledge of various TCP and/or IP protocols (sometimes a specific focus is required on CIFS, MSRPC and SMB).
- Experience with signature development and penetration testing, along with writing exploit code.
- Knowledge of fault injection frameworks or fuzzing and virtualization.
Job Duties List
Job duties of a vulnerability security research engineer can differ, depending on the specific company or institution the individual may by employed by, but general job duties often include requirements to:
- Review, isolate, analyze and then reverse-engineer programs that are vulnerable or malicious code in order to determine and understand the specific nature of the threat.
- Document the specific attack capabilities of the specimen (code, virus, etc.) and understand the concept of exploitation scenario.
- Create a detailed technical report concerning the treat, along with PoC code.
- Provide detection guidance to other team members or additional security teams in a timely manner.
- Stay on top of the “vulnerability landscape” and be up-to-date on current attacks or potential attacks and prepare counter-measures (if possible) to thwart those attacks or at least be prepared for them.
- Analyze common network services and software applications in order to discover new and potential vulnerabilities.
To apply for this job please visit cyberwarzone.com.