What are the responsibilities and job description for the Sr. Security Vulnerability Researcher position at NexTech Solutions LLC?
The Senior Security Vulnerability Researcher-Cyber Engineer 4 will provide advanced technical expertise in assessing and improving the security posture of publicly and commercially available data, platforms, and software in support of a U.S. Government cybersecurity mission.
This role involves leading complex vulnerability research initiatives, identifying emerging threats, evaluating system weaknesses, and delivering high-impact recommendations to enhance resilience across government and partner systems. The successful candidate will serve as a technical authority, mentor junior researchers, and contribute directly to strategic vulnerability management and threat intelligence initiatives.
**Key Responsibilities**
Lead advanced research and analysis on vulnerabilities within publicly accessible and commercial data sources, platforms, and software relevant to government missions.
Direct and perform in-depth vulnerability assessments, exploit validation, and security posture evaluations.
Develop and oversee methodologies for identifying, categorizing, and prioritizing vulnerabilities using both automated and manual analysis techniques.
Track global vulnerability disclosures, emerging exploitation trends, and adversary tactics to inform proactive defense measures.
Apply expertise in reverse engineering, static and dynamic analysis, and protocol dissection to validate findings.
Guide junior analysts and researchers in vulnerability discovery, tool development, and analytic tradecraft.
Represent the research team in interagency or partner technical forums, ensuring alignment with government cybersecurity objectives.
**Leadership Responsibilities**
This position may potentiallyserve as the lead and primary point of contact for a team.
Requirements
Minimum of 9 years of professional experience in vulnerability research, penetration testing, exploit development, or cyber threat intelligence.
Proven experience supporting U.S. Government cybersecurity, defense, or intelligence programs.
Deep technical understanding of operating systems, network protocols, cloud architectures, and application security.
Proficiency with vulnerability analysis and exploitation frameworks (e.g., IDA Pro, Ghidra, Burp Suite, Metasploit, Nessus, Nmap).
Strong command of programming and scripting languages (e.g., Python, C/C , PowerShell, Bash).
Familiarity with CVE/CVSS scoring, MITRE ATTandCK, and vulnerability disclosure standards.
Demonstrated ability to synthesize complex technical data into clear, actionable intelligence products.
**Preferred Qualifications**
Advanced degree (M.S. or Ph.D.) in Cybersecurity, Computer Engineering, or related field.
Recognized industry certifications such as OSCP, OSCE, GREM, GXPN, CISSP, or GIAC GCTI.
Experience developing or customizing tools for vulnerability discovery, data analysis, or threat mulation.
Familiarity with secure software development practices, data protection, and privacy compliance requirements.
Experience mentoring, leading small research teams, or managing cybersecurity projects.
**Physical Demands and Work Environment**
The physical demands and work environment described are representative of those that an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
May involve occasional travel to secure facilities or client sites.
This role involves leading complex vulnerability research initiatives, identifying emerging threats, evaluating system weaknesses, and delivering high-impact recommendations to enhance resilience across government and partner systems. The successful candidate will serve as a technical authority, mentor junior researchers, and contribute directly to strategic vulnerability management and threat intelligence initiatives.
**Key Responsibilities**
Lead advanced research and analysis on vulnerabilities within publicly accessible and commercial data sources, platforms, and software relevant to government missions.
Direct and perform in-depth vulnerability assessments, exploit validation, and security posture evaluations.
Develop and oversee methodologies for identifying, categorizing, and prioritizing vulnerabilities using both automated and manual analysis techniques.
- Collaborate with internal and external stakeholders to develop mitigation strategies and enhance vulnerability management processes.
Track global vulnerability disclosures, emerging exploitation trends, and adversary tactics to inform proactive defense measures.
Apply expertise in reverse engineering, static and dynamic analysis, and protocol dissection to validate findings.
Guide junior analysts and researchers in vulnerability discovery, tool development, and analytic tradecraft.
Represent the research team in interagency or partner technical forums, ensuring alignment with government cybersecurity objectives.
**Leadership Responsibilities**
This position may potentiallyserve as the lead and primary point of contact for a team.
Requirements
- Fluency in English (written and spoken)
- U.S. citizenship and ability to obtain and maintain a TS/SCI security clearance with the US Government.
- Bachelors degree in Computer Science, Cybersecurity, Information Security, or a related technical field Masters degree preferred).
Minimum of 9 years of professional experience in vulnerability research, penetration testing, exploit development, or cyber threat intelligence.
Proven experience supporting U.S. Government cybersecurity, defense, or intelligence programs.
Deep technical understanding of operating systems, network protocols, cloud architectures, and application security.
Proficiency with vulnerability analysis and exploitation frameworks (e.g., IDA Pro, Ghidra, Burp Suite, Metasploit, Nessus, Nmap).
Strong command of programming and scripting languages (e.g., Python, C/C , PowerShell, Bash).
Familiarity with CVE/CVSS scoring, MITRE ATTandCK, and vulnerability disclosure standards.
Demonstrated ability to synthesize complex technical data into clear, actionable intelligence products.
**Preferred Qualifications**
Advanced degree (M.S. or Ph.D.) in Cybersecurity, Computer Engineering, or related field.
Recognized industry certifications such as OSCP, OSCE, GREM, GXPN, CISSP, or GIAC GCTI.
Experience developing or customizing tools for vulnerability discovery, data analysis, or threat mulation.
Familiarity with secure software development practices, data protection, and privacy compliance requirements.
Experience mentoring, leading small research teams, or managing cybersecurity projects.
**Physical Demands and Work Environment**
The physical demands and work environment described are representative of those that an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
- Prolonged periods of sitting at a desk and working on a computer.
- Ability to sit or stand for long periods of time
- Fast-paced, mission-driven environment supporting sensitive government cybersecurity initiatives.
May involve occasional travel to secure facilities or client sites.
- Standard work schedule is Mon-Fri with core hours from 7am-5pm EST
- 8 hour work day with flexibility within the core hours of operation.
