Listing Description
Qualifications
Minimum 2 years of Computer Security work experience
Thorough understanding of different vulnerability types and common weakness enumeration (CWE)
Familiarity with web application and/or OS-level vulnerability categories and documentation (OWASP, CVE)
Able to communicate how an attacker would go about exploiting a vulnerability and what types of activity they could use it for
Understanding of patch management and software development lifecycle (SDLC)
Strong writing skills with ability to communicate clearly and efficiently
Strong interpersonal skills and ability to collaborate in a team environment
Understanding of security and networking basics
Understanding of one or more of the following: C/C++, PHP, Perl, Python, JavaScript, Ruby, SQL, Assembly
Experience with one or more of the following: Windows, Apple Mac OS X, Linux and Unix
Experience reviewing and testing exploit code
Additional Desired Qualifications:
Experience using VMWare, including how to set up and use a VM for testing
Functional ability to write code using Python
Experience developing functional exploit or proof-of-concept code
Understanding of the general threat landscape and how vulnerabilities and their exploitation impact it
Experience developing Yara, Snort, or other signatures
Familiarity with tools such as Wireshark, nmap, Metasploit, Nessus, Snort, etc.
Experience with analyzing large data sets to identify notable conclusions or actionable trends for reporting
Foreign language expertise (Russian, Chinese, etc…)Monitors public sources for vulnerability information
Performs deep assessment of vulnerabilities
Researches and writes actionable reports
Briefs on issues of internal and external customer interest
Ensures the accuracy and integrity of information throughout reporting
Responds to internal and external customer inquiries on vulnerabilities and related topics
Reports changes to the state of existing vulnerabilities to internal team members
Reviews and tests exploit code
Participates in directed research and development tasks
Creates intelligence gathering requirements
Maintains subject matter expert status in assigned areas
Develops functional exploit or proof-of-concept (PoC) code for basic vulnerabilities
Listing Details
- Citizenship: Us Citizen
- Incentives: Both
- Education: Bachelors Degree
- Travel: No Travel
- Telework: No Telecommute