דרושים » אבטחת מידע וסייבר » Vulnerability Researcher

Requirements:
8+ years of relevant industry experience as a low-level vulnerability researcher.
Proven track record of finding memory corruption vulnerabilities (stack/heap overflows, UAF, TOCTOU, etc.).
Proven track record of developing complex exploits.
Excellent understanding of common security mitigations such as ASLR, DEP, and CFI.
Excellent understanding OS internals, network protocols and cryptography concepts.
Proficient in Assembly, C, and Python.
Expert with IDA Pro / Ghidra, and GDB.

Requirements:
B.S. degree in Computer Science or a related field, or equivalent work experience.
At least 5 years of R&D experience.
In depth understanding of common security vulnerabilities, CVSS scoring, vulnerability classification, detection and exploitation techniques.
In-depth protocol analysis and interaction. Expert level knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing.
Some prior experience performing open-ended research when given high-level requirements and details of the desired output.
Experience with pen-testing, researching, discovering, or publishing vulnerabilities.
Reverse engineering experience including basic binary analysis, packet capture analysis, and firmware analysis (using binwalk). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb).
Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and / or scripting languages.
One or more security related certifications (e.g. OSCP).
At least a years experience with Nessus Sensor and working with the NASL language.
An understanding of NASL coding standards.
Prior experience performing open-ended research when given high-level requirements and details of the desired output.
Some experience with reviewing code and providing feedback.
Experience with understanding and implementing RFC standards and protocols.
Experience with Python programming language.
Experience with systems administration and be comfortable working at the command line.
In depth understanding of common security vulnerabilities, CVSS scoring, vulnerability classification, detection and exploitation techniques.
In-depth protocol analysis and interaction. Expert level knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing.
Some prior experience performing open-ended research when given high-level requirements and details of the desired output.
Some exposure to security standards such as NIST 800-53, CIS, or DISA STIGS.
In-depth protocol analysis and interaction. Solid knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing.
Experience with crash dump analysis and exploit development.
Experience writing blogs and whitepapers to showcase research as well as presenting at security conferences.
Ability to sit and work at a computer for extended periods of time.
Some travel may be required.

Requirements:
Required Qualifications
5+ years of experience in cybersecurity research, with a proven track record of impactful projects.
Good knowledge of Linux OS internals, including both user and kernel space.
Solid knowledge of the cyber threat landscape, modern malware techniques, and APTs.
Hands-on experience in real-world threat hunting, incident response, or detection engineering.
Proficiency in programming languages such as Python, C, and/or C++, with a strong understanding of system-level programming and APIs.
Excellent problem-solving skills and a passion for cybersecurity innovation.
Ability to work independently, take initiative, and collaborate effectively in a team environment.
Preferred Qualifications
Background in EDR/XDR products or security solution development.
Experience in reverse engineering, including familiarity with debugging and disassembly tools such as GDB, IDA Pro, or Ghidra.
Experience in advanced data analysis, statistics, or machine learning for security applications.
Experience with Linux kernel development or vulnerability research.
Familiarity with virtualization platforms (e.g., ESXi/vCenter).

Requirements:
Required Qualifications
5+ years of experience in cybersecurity research, with a proven track record of impactful projects.
B.Sc. or M.Sc. in Computer Science, Software Engineering, Computer Engineering, or equivalent military experience required
Hands-on experience in real-world threat hunting, incident response, or detection engineering.
Solid knowledge of the cyber threat landscape, modern malware techniques, and APTs.
Proficiency in programming languages such as Python, Go, Java, or other relevant languages.
Strong understanding of OS internals (Windows, Linux, and macOS, for example).
Excellent problem-solving skills and a passion for cybersecurity innovation.
Ability to work independently, take initiative, and collaborate effectively in a team environment.
Preferred Qualifications
Experience with virtualization platforms or understanding of virtualization-related attacks (e.g., focused on ESXi/vCenter).
Proven background in security solution development, particularly within the EDR/XDR space.
Proficiency in reverse engineering, including practical experience with disassembly and debugging tools.
Demonstrated experience utilizing advanced techniques like statistics, machine learning, or complex data analysis for security-related applications.
Experience with vulnerability research or development within the Linux environment.
Experience with research or development focused on Linux internals.

Requirements:
7+ years of experience in security research, detection engineering, incident response, or comparable hands-on security roles
Demonstrated expertise in at least two of the following areas (and working knowledge in the others):
Linux internals / operating systems fundamentals
Cloud security (AWS/Azure/GCP), including common attack paths and misconfiguration patterns
DFIR, threat hunting, and investigation workflows using telemetry and logs
Vulnerability research or vulnerability management at scale (triage, prioritization, exploitation understanding)
Application and API security fundamentals
Strong programming skills in Python (Go is a strong plus); ability to produce maintainable research code and production logic
Strong data skills: comfortable working with large telemetry datasets (SQL and log analytics platforms such as Elastic or similar)
Ability to reason about attacker behavior, build threat models, and validate detections with repeatable testing
Excellent written and verbal English communication, including the ability to explain nuanced technical tradeoffs to non-research audiences
Track record of driving cross-team execution and shipping impactful security capabilities
Nice to have:
Experience with Kubernetes and container runtime security
eBPF or low-level telemetry approaches, syscall or kernel-level visibility
Reverse engineering and malware analysis
Offensive security background (web, cloud, exploit development)
Contributions to open-source security projects or published research
Experience using automation or AI-assisted techniques to scale research and detection workflows

Requirements:
The ideal candidate will have:
3+ years of experience in the cybersecurity field, including:
Strong reverse engineering skills.
A proven interest in offensive research and vulnerability exploitation.
At least 2 years in penetration testing or a research-focused role.
[Advantage] Experience with embedded systems (either in research or development).
Ability to understand and analyze complex systems and identify critical security gaps.
[Advantage] Familiarity with automotive technologies (e.g., communication protocols, system architecture).
A hands-on approach to problem-solving and a passion for learning new technologies.
A creative mindset and a hackers curiosity.

Requirements:
Leadership Experience: At least 2+ years of experience leading a technical team or serving as a technical lead in a research-heavy environment.
Reverse Engineering Mastery: Extensive hands-on experience with tools such as IDA Pro, Binary Ninja, or Ghidra.
Deep Security Background: Proven track record in vulnerability research (VR), including advanced exploit development and program analysis.
Programming Excellence: Proficiency in C/C++ and Python, with the ability to review complex code and guide technical architecture.
System Internals Expert: Deep understanding of OS internals (Memory, Process management) and low-level architectures (x86/64, ARM, MIPS).
Communication Skills: Ability to translate complex technical vulnerabilities into clear business risks for stakeholders.

Requirements:
Required Qualifications
In-depth knowledge of some Unix-based operating system internals.
Experience in security research - 3 years at least
Minimum 2 years of development experience in C/C++.
Development knowledge in one or more scripting languages.
Ability to work independently and as a part of a team.
Strong attention to detail and ability to take initiative.
Preferred Qualifications
In-depth knowledge of macOS internals.
Development experience in Swift or Objective C.
Experience with python or Lua scripting languages.
Experience in reverse engineering - both static and dynamic (arm/x86/64 architectures).
Exploitation experience (either application level security or memory corruptions).

Requirements:
Your Experience
5+ years in security research with a proven track record of driving impactful projects.
2+ years in a leadership or management role, including mentoring researchers and setting research strategy.
Deep expertise in cloud-native security, with strong focus on Kubernetes, containers, and major cloud providers (AWS, Azure, GCP, OCI).
Experience developing or working with detection and response products, such as XDR, EDR, or cloud workload protection platforms.
Excellent communication skills, with the ability to articulate complex research findings and drive alignment across diverse teams.
Proficient in hands-on coding and scripting (e.g., Python).
Experience working with large-scale data pipelines and analytics (e.g., GCP BigQuery, Dataflow).
Advantages
Familiarity with Kubernetes threat modeling frameworks (e.g., MITRE ATT&CK for Containers).

Requirements:
Proven vulnerability research experience (preferably in iOS)
Experience with advanced exploitation techniques
ARM reverse engineering
Cryptographic primitives and weaknesses
Hardware research/board design - Advantage
You are a security researcher who cares about the ethical values of your work
You love the art of engineering and crafting a platform-wide native payload, in a fragmented ecosystem of gaping variance
You are passionate about technology and keen to use your skills to make the world a safer place.