Senior Security Research Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Responsibilities:

• Research, analyze, and assess attack surface and vulnerabilitydata

  
  

• Develop tailored and actionable mitigation strategies and plans to address vulnerabilityrisk

  
  

• Work with new and emerging vulnerability data toidentifypotential attack paths in critical systems.

  
  

• Document, developand present mitigation strategiesinweb applications,databases,standalone applications, etc.

  
  

• Analyze the root cause of vulnerabilities and support the prioritization of mitigations based on risk and return on mitigation

  
  

• Provide mitigation strategies that prioritize risk against level of effort for multiple systems ororganizations

  
  

• Catalog mitigation advice, challenges, and trends and patterns

  
  

• Patchdiffing andreverse engineeringwith tools such asGhidra, IDA, etc. 

  
  

• Provide subject matterexpertiseon tailored mitigations to resolve and remediate vulnerabilities on targetedtechnologies

  
  

• Work in fast-pacedstartuplikeenvironmentwith shifting priorities to handle andmaintainbalance with multiple stakeholders.

  
  

• Conduct research to assess and create software patches and configuration changes to be applied to varied software,middlewareandhardware

  
  

• Provide assessment including security, system, and business impact ofvulnerabilities

  
  

• Must be able to think ahead to avoid business outages based on the labresults

  
  

• Analyze vulnerability data and support management of identified vulnerabilities, including tracking, remediation, andreporting

  
  

Desired Skills:

• Excellent understanding of network,systemand application security

  
  

• Experience with IDA Pro,Ghidra, or similar binary analysis tool

  
  

• Knowledge of various vulnerability scanning solutions is aplus

  
  

• Excellent written and verbal communication

  
  

• Graduate with preferable 4 years degree or at least 3-year degree with computer science and information technology background

  
  

• Secure architecture designs and use of detection/protection mechanisms (e.g., firewalls, IDS/IPS, full-packet capture technologies) to mitigaterisk

  
  

• A solid understanding of industry best practices for Patch Management 

  
  

• Specific demonstrated experience mapping business processes and comparing those processes to industry bestpractices

  
  

• Background around using or understanding of security tools would beplus

  
  

• Solid understanding of the security implications of a patch on web applications, Windows, Linux, Mac OS operating systems

  
  

• Thorough testing of patches in a non-production environment 

  
  

• Have working knowledge of basic operation systems commands and tooling - Windows, Linux, Mac OS

  
  

• Should havevery goodcommunication and articulationskills

  
  

• Ability and ready to learnnew technologyand should be a good teamplayer

  
  

What you get to do:

Work within Threat Research, detection and response teams and analysts to define the priority, design the solution, and contribute to build framework for patchingvulnerabilities