Senior Vulnerability Research Engineer - exploits, 0-day, fuzzing
Tenable, Inc. via Stack Overflow
San Jose, CA
May 31st 2018
Tenable is looking for a Senior Research Engineer to join our 0-day security research team. This position will involve exploring the attack surface area of various software and systems, looking for new vulnerabilities, developing checks/plugins to detect these vulnerabilities via our products and coordinating disclosure of the 0-days found with vendors.
- Works on complex research and development initiatives
- Implements advanced detection logic while minimizing false positives & false negatives
- Participates in detection logic discussions and the research of new methods for detection
- Interfaces with stakeholders on externalizing the outcomes of some of the research
- Helps / trains other researchers, when needed
What you'll need:
- Proven track record of discovering 0-day vulnerabilities
- Keep abreast with the advancements and developments in the security industry and perform original research to keep our customers secure
- Develop detection scripts for Tenable's sensors (Nessus vulnerability scanner and others) based on the research findings
- Research and develop methods of detection for additional services and products from different vendors
- Demonstrably strong programming skills in one or more languages
- Ability and experience in showcasing original research externally – via blogs, white papers, etc.
- Ability to work independently as a researcher as well as part of a larger team
- Experience working with multiple operating systems
- Excellent written and verbal communication skills
- Adaptable and able to shift priorities as needed
- Meticulous in terms of quality & accuracy of work
- Willingness to explore and learn
- B.S. degree in Computer Science or a related field, or equivalent work experience
- At least 5 years of R&D experience
- In depth understanding of common security vulnerabilities, vulnerability classification, detection and exploitation techniques.
- Reverse engineering experience including binary analysis, packet capture analysis, and firmware analysis (using binwalk or other). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb)
- Experience with crash dump analysis and some exploit development.
- In-depth protocol analysis and interaction. Expert level knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing
- Some prior experience performing open-ended research when given high-level requirements and details of the desired output.
- Experience with researching, discovering, and publishing vulnerabilities
- Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and scripting languages
- Experience writing blogs and whitepapers to showcase research as well as presenting at security conferences
We're committed to promoting Equal Employment Opportunity (EEO) at Tenable - through all equal employment opportunity laws and regulations at the international, federal, state and local levels.