Listing Description
This role would be responsible for discovering and exploiting vulnerabilities affecting web-browsers. The work includes attack vector enumeration, static and dynamic analysis of the target, reverse engineering, debugging, identification of vulnerabilities, exploitation, and technical documentation.
Exodus offers a full benefits package at no cost to the employee including: Health, Dental, Life and Vision. Our team enjoys a flexible work schedule and catered lunches daily at the main office in Austin, TX. A relocation package is available for out of area candidates wishing to move. Due to the nature of the information security industry there are many opportunities for paid travel to various conferences and employees wishing to prepare technical material to speak at any conference are provided with any assistance necessary.
At Exodus we pride ourselves on developing cutting edge research. Our customers trust us to provide unique research they can’t acquire anywhere else. However, sometimes we deem it appropriate to publish research to drive innovation and technical advances in the public domain. When appropriate, Exodus incentivizes our researchers to publish their research through a blog post, a conference presentation, and sometimes through a bounty contest. Check out these exemplars:
[0day] Pwn2Own $50,000 Bug Bounty Win
Article: https://threatpost.com/firefox-edge-pwn2own/143082/
Blog: https://blog.exodusintel.com/2019/05/19/pwn2own-2019-microsoft-edge-renderer-exploitation-cve-2019-9999-part-1/
[nday] Patch Gapping Google Chrome
Blog: https://blog.exodusintel.com/2019/09/09/patch-gapping-chrome/
[appearances] OffensiveCon 2020 Berlin
Safari Sandbox Escapes: https://www.offensivecon.org/speakers/2020/ki-chan-ahn.html
Exploiting the "Unexploitable": https://www.offensivecon.org/speakers/2020/b1ack0wl.html
We're looking for the following qualities in candidates:[required] Fluent in Intel and/or ARM assembly, C/C++ and Javascript code.
[required] Demonstrated ability to discover and exploit 0day vulnerabilities in modern web browsers.
[required] Understanding of latest memory corruption mitigations.
[required] Competency with debuggers and IDA Pro.
[preferred] A thorough understanding of modern web browser internals.
[preferred] A thorough understanding of a wide range of vulnerability classes.
[preferred] A history of publishing or presenting original research -OR- references for production grade exploit development.
Listing Details
- Citizenship: No Requirements
- Incentives: Bonus
- Education: No Requirements
- Travel: Travel 25
- Telework: Full Telecommute