דרושים » תוכנה » Senior Vulnerability Researcher

Requirements:
5+ years of experience as a security researcher or industry-equivalent experience.
Understanding of memory corruption (Stack/Heap, UAF) and logical vulnerabilities (Injection, Logic/Design flaws, TOCTOU).
Understanding of common security mitigations such as ASLR, DEP, and CFI.
Expertise in OS internals, file systems, network protocols and cryptography concepts.
Hands-on experience with reverse engineering and debugging tools such as IDA Pro or Ghidra, and GDB.
Proficient in Assembly, C, and Python.

Requirements:
Required Qualifications
5+ years of experience in cybersecurity research, with a proven track record of impactful projects.
Good knowledge of Linux OS internals, including both user and kernel space.
Solid knowledge of the cyber threat landscape, modern malware techniques, and APTs.
Hands-on experience in real-world threat hunting, incident response, or detection engineering.
Proficiency in programming languages such as Python, C, and/or C++, with a strong understanding of system-level programming and APIs.
Excellent problem-solving skills and a passion for cybersecurity innovation.
Ability to work independently, take initiative, and collaborate effectively in a team environment.
Preferred Qualifications
Background in EDR/XDR products or security solution development.
Experience in reverse engineering, including familiarity with debugging and disassembly tools such as GDB, IDA Pro, or Ghidra.
Experience in advanced data analysis, statistics, or machine learning for security applications.
Experience with Linux kernel development or vulnerability research.
Familiarity with virtualization platforms (e.g., ESXi/vCenter).

Requirements:
Leadership Experience: At least 2+ years of experience leading a technical team or serving as a technical lead in a research-heavy environment.
Reverse Engineering Mastery: Extensive hands-on experience with tools such as IDA Pro, Binary Ninja, or Ghidra.
Deep Security Background: Proven track record in vulnerability research (VR), including advanced exploit development and program analysis.
Programming Excellence: Proficiency in C/C++ and Python, with the ability to review complex code and guide technical architecture.
System Internals Expert: Deep understanding of OS internals (Memory, Process management) and low-level architectures (x86/64, ARM, MIPS).
Communication Skills: Ability to translate complex technical vulnerabilities into clear business risks for stakeholders.

Requirements:
Required Qualifications
5+ years of experience in cybersecurity research, with a proven track record of impactful projects.
B.Sc. or M.Sc. in Computer Science, Software Engineering, Computer Engineering, or equivalent military experience required
Hands-on experience in real-world threat hunting, incident response, or detection engineering.
Solid knowledge of the cyber threat landscape, modern malware techniques, and APTs.
Proficiency in programming languages such as Python, Go, Java, or other relevant languages.
Strong understanding of OS internals (Windows, Linux, and macOS, for example).
Excellent problem-solving skills and a passion for cybersecurity innovation.
Ability to work independently, take initiative, and collaborate effectively in a team environment.
Preferred Qualifications
Experience with virtualization platforms or understanding of virtualization-related attacks (e.g., focused on ESXi/vCenter).
Proven background in security solution development, particularly within the EDR/XDR space.
Proficiency in reverse engineering, including practical experience with disassembly and debugging tools.
Demonstrated experience utilizing advanced techniques like statistics, machine learning, or complex data analysis for security-related applications.
Experience with vulnerability research or development within the Linux environment.
Experience with research or development focused on Linux internals.

Requirements:
3+ years of hands-on experience in reverse engineering, including both static and dynamic analysis.
2+ years of experience in vulnerability research, exploit development and bypassing OS-level mitigations.
Expert-level knowledge of Windows operating system internals and low-level OS research experience.
Experience in C/C++ development, including Win32 API.
Experience in a scripting language, with a preference for Python.
Ability to work independently and as a part of a team
Ability to work under pressure with strict deadlines, and to prioritize projects
Strong attention to detail.

Requirements:
Required Qualifications
In-depth knowledge of some Unix-based operating system internals.
Experience in security research - 3 years at least
Minimum 2 years of development experience in C/C++.
Development knowledge in one or more scripting languages.
Ability to work independently and as a part of a team.
Strong attention to detail and ability to take initiative.
Preferred Qualifications
In-depth knowledge of macOS internals.
Development experience in Swift or Objective C.
Experience with python or Lua scripting languages.
Experience in reverse engineering - both static and dynamic (arm/x86/64 architectures).
Exploitation experience (either application level security or memory corruptions).

Requirements:
B.S. degree in Computer Science or a related field, or equivalent work experience.
At least 5 years of R&D experience.
In depth understanding of common security vulnerabilities, CVSS scoring, vulnerability classification, detection and exploitation techniques.
In-depth protocol analysis and interaction. Expert level knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing.
Some prior experience performing open-ended research when given high-level requirements and details of the desired output.
Experience with pen-testing, researching, discovering, or publishing vulnerabilities.
Reverse engineering experience including basic binary analysis, packet capture analysis, and firmware analysis (using binwalk). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb).
Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and / or scripting languages.
One or more security related certifications (e.g. OSCP).
At least a years experience with Nessus Sensor and working with the NASL language.
An understanding of NASL coding standards.
Prior experience performing open-ended research when given high-level requirements and details of the desired output.
Some experience with reviewing code and providing feedback.
Experience with understanding and implementing RFC standards and protocols.
Experience with Python programming language.
Experience with systems administration and be comfortable working at the command line.
In depth understanding of common security vulnerabilities, CVSS scoring, vulnerability classification, detection and exploitation techniques.
In-depth protocol analysis and interaction. Expert level knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing.
Some prior experience performing open-ended research when given high-level requirements and details of the desired output.
Some exposure to security standards such as NIST 800-53, CIS, or DISA STIGS.
In-depth protocol analysis and interaction. Solid knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing.
Experience with crash dump analysis and exploit development.
Experience writing blogs and whitepapers to showcase research as well as presenting at security conferences.
Ability to sit and work at a computer for extended periods of time.
Some travel may be required.

Requirements:
Required Qualifications
In-depth knowledge of some operating system internals is a must - Knowledge of Linux is an advantage
Development experience in C/C++/Rust is a must, 3 years at least
Experience in security research - 3 years at least
Experience in reverse engineering - both static and dynamic, is a must (x86/64 architectures), 3 years at least
Development knowledge in some scripting languages is a must - Experience with Python is an advantage
Ability to work independently and as a part of a team
Strong attention to detail
Ability to take initiative
Preferred Qualifications
Exploitation experience is an advantage (either application-level security or memory corruption)
Familiarity with Kubernetes, containers, and cloud workload security.
Experience leading endpoint security projects across organizational boundaries and teams
Academic experience
Published security research, conference presentations, or CVEs.

Requirements:
Your Experience
5+ years in security research with a proven track record of driving impactful projects.
2+ years in a leadership or management role, including mentoring researchers and setting research strategy.
Deep expertise in cloud-native security, with strong focus on Kubernetes, containers, and major cloud providers (AWS, Azure, GCP, OCI).
Experience developing or working with detection and response products, such as XDR, EDR, or cloud workload protection platforms.
Excellent communication skills, with the ability to articulate complex research findings and drive alignment across diverse teams.
Proficient in hands-on coding and scripting (e.g., Python).
Experience working with large-scale data pipelines and analytics (e.g., GCP BigQuery, Dataflow).
Advantages
Familiarity with Kubernetes threat modeling frameworks (e.g., MITRE ATT&CK for Containers).

Requirements:
Practical experience performing vulnerability research and exploitation, preferably in mobile or other modern environments, eg. Windows/Linux/iOS/MacOS
Practical reverse engineering experience, preferably in ARM / TrustZone / Hypervisors
Advantage: Cryptographic primitives and weaknesses
Advantage: Advanced fuzzing
Advantage: Offensive hardware research/board design
Advantage: Experience dealing with modern memory corruption mitigations, such as PAC and MTE.