Senior Security Research Engineer

Responsibilities

• Document , develop and present mitigation strategies in web applications , databases, standalone applications, etc.
• Analyze the root cause of vulnerabilities and support the prioritization of mitigations based on risk and return on mitigation Provide mitigation strategies that prioritize risk against level of effort for multiple systems or organizations Catalog mitigation advice, challenges, and trends and patterns Patch diffing and r everse engineering with tools such as Ghidra , IDA, etc.
• Research, analyze, and assess attack surface and vulnerability data Develop tailored and actionable mitigation strategies and plans to address vulnerability risk Work with new and emerging vulnerability data to identify potential attack paths in critical systems.

Requirements

• Conduct research to assess and create software patches and configuration changes to be applied to varied software, middleware and hardware Provide assessment including security, system, and business impact of vulnerabilities Must be able to think ahead to avoid business outages based on the lab results Analyze vulnerability data and support management of identified vulnerabilities, including tracking, remediation, and reporting Desired Skills : Excellent understanding of network, system and application
• Experience with IDA Pro, Ghidra , or similar binary analysis tool Knowledge of various vulnerability scanning solutions is a plus Excellent written and verbal communication Graduate with preferable 4 years degree or at least 3-year degree with computer science and information technology background S ecure architecture designs and use of detection/protection mechanisms (e.g., firewalls, IDS/IPS, full-packet capture technologies) to mitigate risk A solid understanding of industry best practices for Patch
• experience mapping business processes and comparing those processes to industry best practices Background around using or understanding of security tools would be plus Solid understanding of the security implications of a patch on web applications, Windows, Linux, Mac OS operating systems Thorough testing of patches in a non-production environment Have working knowledge of basic operation systems commands and tooling - Windows, Linux, Mac OS Should have very good communication and articulation skills

Additional details