What are the responsibilities and job description for the Senior Vulnerability Researcher position at W3Global?
About The Role
We are seeking a skilled and motivated vulnerability researcher with an active TS/SCI clearance and full-scope polygraph (preferred) or CI poly with sufficient experience (min 5 years of combined VR or exploit dev). This role invites career-oriented researchers and exploit developers to team with industry experts tackling the industry's hardest problems. This position presents the opportunity to engineer tangible contributions to mission-critical tasks, discover new vulnerabilities in widely used software, and guide the development process of turning those vulnerabilities into working exploits.
Requirements
Required Skills
We are seeking a skilled and motivated vulnerability researcher with an active TS/SCI clearance and full-scope polygraph (preferred) or CI poly with sufficient experience (min 5 years of combined VR or exploit dev). This role invites career-oriented researchers and exploit developers to team with industry experts tackling the industry's hardest problems. This position presents the opportunity to engineer tangible contributions to mission-critical tasks, discover new vulnerabilities in widely used software, and guide the development process of turning those vulnerabilities into working exploits.
Requirements
Required Skills
- Forensic familiarity in one of the following platforms: Windows, Linux//Unix, Android
- Proficiency in C/C and Python
- Proficiency with assembly (x86/x64/arm/aarch64)
- Familiarity with modern software engineering practices (Scrum, Agile etc.)
- Expert knowledge of cyber security systems, including networking, kernels, security subsystems (DEP, ASLR, ROP), etc.
- Fundamental understanding of Vulnerability Research concepts (fuzzing, static analysis, dynamic analysis)
- Ability to coordinate with customers, interpret and negotiate requirements, and communicate effectively with product stakeholders
- Proficiency with modern vulnerability discovery and analysis toolkits, such as mutation, evolutionary, and taint fuzzers, instrumentation based fuzzing, and symbolic or solver-based fuzzing
- Proficiency in a wide variety of real-world vulnerability development, such as the creation of PoCs of RCEs, LPEs, sandbox escapes, kernel security defeats, etc.
- Advanced proficiency in Reverse Engineering and associated toolkits (Ghidra, IDA, Binary Ninja)
- Advanced proficiency in application and kernel debugging, and associated toolkits (Windbg, gdb, etc)
- Familiarity with taking proofs of concept and productizing them into working exploits
- Familiarity with advanced Vulnerability Research topics such as symbolic execution, concolic execution, and automated tooling to conduct static analysis.