Job Description
A vulnerability security research engineer is a member of a research team, which is in turn responsible for the research and analysis of new exploits. Qualifications include:
• Extensive knowledge of C/C++, Python, assembly language or additional scripting and programming languages.
• A Master of Science or Bachelor of Science degree in Computer Science.
• Some companies require at least one or two years of experience within the industry.
• Some companies require specific experience with system security and/or debugging experience in C (Unix and/or Windows environments).
• Relevant experience involving WinDbg or OllyDbg, BinDiff and IDA Pro.
• In-depth knowledge of various TCP and/or IP protocols (sometimes a specific focus is required on CIFS, MSRPC and SMB).
• Experience with signature development and penetration testing, along with writing exploit code.
• Knowledge of fault injection frameworks or fuzzing and virtualization.
Job Duties List
Job duties of a vulnerability security research engineer can differ depending on the specific company or institution the individual is employed by, but general job duties often include requirements to:
• Review, isolate, analyze and then reverse-engineer vulnerable programs or malicious code in order to determine and understand the specific nature of the threat.
• Document the specific attack capabilities of the specimen (code, virus, etc.) and understand the concept of the exploitation scenario.
• Create a detailed technical report concerning the threat, along with PoC code.
• Provide detection guidance to other team members or additional security teams in a timely manner.
• Stay on top of the "vulnerability landscape" and be up-to-date on current attacks or potential attacks and prepare counter-measures (if possible) to thwart those attacks or at least be prepared for them.
• Analyze common network services and software applications in order to discover new and potential vulnerabilities.
Salary
The salary of a vulnerability security research engineer will vary based on experience. Those just starting out usually earn around $60,000 to $70,000 per year (those working at an institution such as a university or research facility tend to have a higher starting salary). According to Simplyhired.com, a vulnerability research engineer has an average salary of $96,000 (as of 2010), based on at least 2-3 years of experience.