*We are unable to sponsor as this is a permanent Full time role*
*This can be a fully remote position*
A prestigious company is on the search for an Expert CRM Architect, Vulnerability Researcher. This position will focus heavily on offensive security vulnerability assessments and research, and on manual and automated source code review. They will work with reverse engineering and binary analysis. They will focus on web applications, cloud infrastructure, red team/purple team, etc.
Responsibilities:
Performs vulnerability assessments using industry best practices on various environments, including web applications, APIs, and cloud infrastructure
Develops and manages testing methodologies that adhere to common security guidelines and NIST standards
Conducts an evaluation of cloud security configurations, identifies prevalent vulnerabilities in cloud security controls, and improves and maintains cloud testing standards
Provides detailed reports with proof of vulnerabilities, guidance, and advice to support customer teams through vulnerability remediation
Researches and develops innovative techniques, tools, and methodologies for vulnerability research and red team activities
Exercises thought leadership in the development and execution of security threats and malicious actors
Qualifications:
7+ years of work experience in the Cyber Security industry
Bachelor's Degree in Computer Science or Management Information related field, or equivalent work experience
Extensive experience in offensive cybersecurity roles, such as red teaming, penetration testing (e.g., web, infrastructure, cloud), and purple team exercises in cloud and on-prem environments
A robust understanding of contemporary security theory, application exploitation techniques, and attack vectors (including the vulnerability life cycle and scanning methodologies such as SAST, DAST, IAST, and RASP)
Experience developing and managing testing methodologies that adhere to common security guidelines such as OWASP and frameworks such as NIST 800 or MITRE ATT&CK
A solid understanding of computer architecture and organization with respect to binary analysis and exploitation
Ability to analyze, create, and debug shellcode and other low-level exploits
Experience developing custom security (either offensive or defensive) software in one or more compiled languages
Demonstrated ability to reverse engineer binaries, enumerate vulnerabilities in compiled software, and provide working exploits (e.g., CVEs, public acknowledgements, or ability to demonstrate on demand)
Familiarity with automated security analysis and fuzzing tools (e.g., AFL and Peach)
Demonstrated ability to discover vulnerabilities via static analysis and source code review
A working understanding of key programming languages and frameworks (e.g., Java, Node.js, Python, JSP, etc.), including the ability to pick up new languages quickly, understand the security implications of those languages, and enumerate vulnerabilities in custom-developed software packages that leverage those languages
Familiarity with scripting/programming in Python, PowerShell, or C#, with the ability to create and customize tools