דרושים » תוכנה » Embedded vulnerability Researcher- 2596

Requirements:
Offensive Mindset: Proven experience in exposing and exploiting vulnerabilities in complex systems. Embedded Expertise: Hands-on research experience with embedded/low-level systems. Network Communication Expertise: Deep understanding of the logic and vulnerabilities within network protocols and the ability to implement functional attacks against them. Security Fundamentals: Strong grasp of cybersecurity principles, including cryptography. Programming: Strong scripting and development skills in Python (for research/tooling) and C/C++ (for exploit development). Execution: A "get-things-done" attitude; self-driven and thrives in fast-paced, problem-solving environments.

Requirements:
B.Sc. or M.Sc. in Computer Science, Mathematics, or Engineering.
Published research (CVEs, blog posts, or talks).
Experience with RF communication schemes such as WiFi, Bluetooth, GPS
Experience with developing / researching in Android / iOS environments.

Requirements:
5+ years of experience in at least one of the following: security research, vulnerability research, malware analysis, threat intelligence, or detection engineering
Offensive security mindset with the ability to flip to the defensive side - finding attacks and building mitigations
Strong analytical skills - comfortable digging into unfamiliar code, protocols, or systems and figuring out how they break
Familiarity with operating system internals (Windows and/or macOS)
Hands-on experience with reverse engineering or dynamic/static analysis tools
Ability to write code for automation, tooling, and proof-of-concepts
Strong written and verbal communication - ability to write compelling research and present at conferences
Nice to have:
Solid understanding of web and browser security fundamentals
Experience with browser internals or browser extension security
Background in endpoint security, EDR, or DLP
Experience with static analysis tools (Semgrep, CodeQL, Joern, or similar)
Knowledge of software supply-chain attack patterns
Published security research - blog posts, CVEs, or conference talks (Black Hat, DEF CON, BSides, etc.)

Requirements:
At least 10 years of hands-on embedded software development on multidiscipline embedded systems that went to production (in the field).
Strong proficiency in C/C++, microcontrollers, low-level programming, and real-time design.
Experience with RTOS environments (FreeRTOS, Zephyr, ThreadX, or similar).
Strong understanding of peripherals, drivers, bootloaders, and hardware abstraction layers.
Skilled with debugging tools such as JTAG, SWD, oscilloscopes, and logic analyzers.
Familiarity with communication protocols: I²C, SPI, UART, USB, BLE, Wi-Fi.
Familiarity with embedded development environments such as IAR, Keil, ModusToolbox, and VS Code.
Experience working within modern CI/CD workflows, version control, and automated testing frameworks for embedded systems.
Strong communication skills and the ability to work effectively with multidisciplinary teams.
Comfortable working in a regulated environment with attention to documentation, traceability, and quality.
Self-driven, detail-oriented, and able to take ownership of complex technical challenges

Requirements:
B.S. degree in Computer Science or a related field, or equivalent work experience.
At least 5 years of R&D experience.
In depth understanding of common security vulnerabilities, CVSS scoring, vulnerability classification, detection and exploitation techniques.
In-depth protocol analysis and interaction. Expert level knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing.
Some prior experience performing open-ended research when given high-level requirements and details of the desired output.
Experience with pen-testing, researching, discovering, or publishing vulnerabilities.
Reverse engineering experience including basic binary analysis, packet capture analysis, and firmware analysis (using binwalk). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb).
Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and / or scripting languages.
One or more security related certifications (e.g. OSCP).
At least a years experience with Nessus Sensor and working with the NASL language.
An understanding of NASL coding standards.
Prior experience performing open-ended research when given high-level requirements and details of the desired output.
Some experience with reviewing code and providing feedback.
Experience with understanding and implementing RFC standards and protocols.
Experience with Python programming language.
Experience with systems administration and be comfortable working at the command line.
In depth understanding of common security vulnerabilities, CVSS scoring, vulnerability classification, detection and exploitation techniques.
In-depth protocol analysis and interaction. Expert level knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing.
Some prior experience performing open-ended research when given high-level requirements and details of the desired output.
Some exposure to security standards such as NIST 800-53, CIS, or DISA STIGS.
In-depth protocol analysis and interaction. Solid knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing.
Experience with crash dump analysis and exploit development.
Experience writing blogs and whitepapers to showcase research as well as presenting at security conferences.
Ability to sit and work at a computer for extended periods of time.
Some travel may be required.

Requirements:
6+ years of hands-on experience in security research, with at least 3 years focused on vulnerability research, Red Teaming, or offensive cyber operations.
Proven track record of breaking complex systems across diverse environments (cloud, hybrid, on-prem, web applications, and container/VM escape).
Deep hands-on expertise in AI/ML security, including model architectures, adversarial ML tactics, and attacking LLM-based applications.
Advanced proficiency in multiple programming languages (e.g., Python, C/C++, Go) and a strong grasp of Windows/Linux internals and reverse engineering.
Demonstrated ability to innovate by developing original tools, frameworks, or techniques that enhance and automate security research.
Thorough understanding of the modern threat landscape, attacker kill chains, and the MITRE ATT&CK framework.

Requirements:
Computer Science or equivalent degree graduate, or equivalent experience from an IDF tech unit.
Experience researching Android and/or iOS platforms familiarity with Linux internals is a plus.
Experience with low-level reverse engineering
Experience with reverse engineering tools and decompilers (e.g., JADX, JEB, IDA Pro, Ghidra)
Familiarity with instrumentation tools such as Frida - Advantage
Understanding of networking fundamentals and protocols
Proficiency with HTTP debuggers, MITM tools, and network analyzers (e.g., Fiddler, Burp Suite, Wireshark)
Experience analyzing mobile application network communication and APIs
Experience with scripting or automation (Python preferred)
Hands-on experience in object-oriented development, preferably using .NET / C#
Excellent communication skills and the ability to work independently and collaborate effectively with team members
Strong problem-solving skills and attention to detail
Strong self-learning skills and motivation to make an impact

Requirements:
7+ years of experience in security research, detection engineering, incident response, or comparable hands-on security roles
Demonstrated expertise in at least two of the following areas (and working knowledge in the others):
Linux internals / operating systems fundamentals
Cloud security (AWS/Azure/GCP), including common attack paths and misconfiguration patterns
DFIR, threat hunting, and investigation workflows using telemetry and logs
Vulnerability research or vulnerability management at scale (triage, prioritization, exploitation understanding)
Application and API security fundamentals
Strong programming skills in Python (Go is a strong plus); ability to produce maintainable research code and production logic
Strong data skills: comfortable working with large telemetry datasets (SQL and log analytics platforms such as Elastic or similar)
Ability to reason about attacker behavior, build threat models, and validate detections with repeatable testing
Excellent written and verbal English communication, including the ability to explain nuanced technical tradeoffs to non-research audiences
Track record of driving cross-team execution and shipping impactful security capabilities
Nice to have:
Experience with Kubernetes and container runtime security
eBPF or low-level telemetry approaches, syscall or kernel-level visibility
Reverse engineering and malware analysis
Offensive security background (web, cloud, exploit development)
Contributions to open-source security projects or published research
Experience using automation or AI-assisted techniques to scale research and detection workflows.

Requirements:
* B.Sc. in Electrical Engineering, Computer Engineering, Computer Science, or a related field.
* 6+ years of experience in Embedded systems / firmware development.
* Strong experience in low-level programming ( C / C ++) and system -level understanding.
* Hands-on experience working with Linux in Embedded environments.
* Proven ability to work across hardware and software interfaces ( system integration).
* Strong system -level thinking and architecture understanding.
* Ability to work independently and take full ownership of a domain.
* Experience or familiarity with Lua- Advantage

Requirements:
What You'll Need:
5+ years of experience in security research, vulnerability research, or offensive security.
Familiarity with OWASP Top 10 for Large Language Model Applications (prompt injection, data poisoning, system prompt leakage).
Ability to analyze complex systems from an attacker's perspective, identify weaknesses and exploit them.
Strong understanding of AI systems, frameworks, and deployment patterns, with proven ability to exploit them.
Proven track record of novel, complex security research in cloud security or application security, with published work (blogs, papers, conference presentations).
Highly motivated, curious, and comfortable navigating unknown territory.
Strong communication skills, written and verbal, with the ability to articulate novel risks and technical findings clearly.

And Ideally:
Experience discovering and disclosing vulnerabilities (CVEs, bug bounty, responsible disclosure).
Experience analyzing systems for data leakage or unintended information exposure.
Solid understanding of cloud platforms (AWS, Azure, GCP) and cloud security concepts.
Experience tracking the evolving AI ecosystem and translating new developments into security research.