Senior Security Research Engineer

Senior Security Research Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

We are seeking a passionate and detail-oriented Senior Security Research Engineer to join our Vulnerability Research Development team. As a Senior Security Research Engineer, you will be part of a motivated engineering research team that is responsible for the research, development, and delivery of detection signatures for our vulnerability scanning products. This role requires close collaboration with cross-functional teams to implement complex features. This opening is your opportunity to work in the rapidly expanding field of computer security with a company with excellent customer ratings and outstanding growth rates.

Responsibilities:

• Research vulnerabilities in the areas of applications, operating systems, databases, TCP/IP protocols, network devices, and various services.
• Develop, test, and maintain high-quality detections to detect known vulnerabilities and 0-day threats.
• Research new and emerging technologies to identify vulnerabilities and exploits.
• Collaborate with security researchers, product teams, and QA engineers to ensure the timely delivery of detection content.
• Research Zero-day vulnerabilities and actively attack vulnerabilities to deliver fast detection content within hours of vulnerability disclosure.
• Identify and streamline repetitive workflows for efficiency.
• Participate in code reviews for signatures, tools, and automation scripts.
• Stay up to date with the latest CVEs, advisories, and security intelligence feeds.
• Work with our Customer Support and Research teams to troubleshoot and triage customer issues such as false positives and false negatives.

Qualifications:

• 5+ years of industry experience in network and systems security.
• In-depth knowledge of TCP/IP, SSL, HTTP, FTP, SSH, DNS and others.
• Knowledge of OWASP top 10 and familiarity with other web-based attacks.
• Proficiency in at least one scripting language (Python, Bash, Go).
• Ability to quickly analyze proof-of-concepts, or exploits and translate them into accurate signatures.
• Experience with network analysis tools, and analysis of packet captures.
• Knowledge of different Databases (Oracle, DB2, etc.) and system Administration.
• Ability to shift priorities as needed.
• Strong understanding of VPN, Firewalls, Intrusion Detection Systems (IDS), and security tools.
• Excellent written and verbal communication skills.

Additional Plus Competencies:

• Understanding of Lua (preferred), or Python.
• Proficient with regular expressions.
• Knowledge of Virtualization software (VMWare, Virtual PC/Virtual Box, XEN, etc.).
• Knowledge of Cloud Platforms (AWS, Azure, Oracle, etc.).
• Knowledge of container technologies such as Docker and Kubernetes.
• Able to handle projects independently.
• OSCP, CISSP, or SANS GIAC certifications.