Vulnerability Research Engineer Overview
A Vulnerability Research Engineer is a member of a research team that is responsible for the research and analysis of new exploits. Qualifications include:
- Extensive knowledge of C/C++, Python, assembly language or additional scripting and programming languages.
- A Master of Science or Bachelor of Science degree in Computer Science.
- Some companies require at least one or two years of experience within the industry.
- Some companies require specific experience with system security and/or debugging experience in C (Unix and/or Windows environments).
- Relevant experience involving WinDbg or OllyDbg, BinDiff and IDA Pro.
- In-depth knowledge of various TCP and/or IP protocols (sometimes a specific focus is required on CIFS, MSRPC and SMB).
- Experience with signature development and penetration testing, along with writing exploit code.
- Knowledge of fault injection frameworks or fuzzing and virtualization.
Job Duties List
Job duties of a vulnerability security research engineer can differ depending on the specific company or institution the individual is employed by, but general job duties often include requirements to:
- Review, isolate, analyze and then reverse-engineer vulnerable programs or malicious code in order to determine and understand the specific nature of the threat.
- Document the specific attack capabilities of the specimen (code, virus, etc.) and understand the exploitation scenario.
- Create a detailed technical report concerning the threat, along with PoC code.
- Provide detection guidance to other team members or additional security teams in a timely manner.
- Stay on top of the “vulnerability landscape” and be up-to-date on current attacks or potential attacks and prepare counter-measures (if possible) to thwart those attacks or at least be prepared for them.
- Analyze common network services and software applications in order to discover new and potential vulnerabilities.
How to become a(n) Vulnerability Research Engineer
Vulnerability Research Engineering is one of the fastest growing careers in the tech industry and Infosec is proud to offer a variety of training courses to help students get their foot in the door. Our Advanced Ethical Hacking course will help you earn multiple certifications and provides everything you need to boost your career!
The InfoSec Institute Advantage
Exam Pass Guarantee
We offer peace of mind with our Exam Pass Guarantee for Live Online students. This means that even if you fail your first attempt at the exam, you'll get a second chance at certification at no cost to you.
Knowledge Transfer Guarantee
Employers may re-enroll a different student if the first InfoSec graduate leaves the company within three months of obtaining certification.
Knowledge Retention Guarantee
InfoSec graduates may re-enroll in classroom-based or Live Online courses tuition-free for up to one year after course completion (or until certification) to refresh skills or revisit course content.
Common Courses for Vulnerability Research Engineer
Advanced Reverse Engineering Malware Training Boot Camp
Computer and Mobile Forensics Training Boot Camp
Advanced Ethical Hacking Training Boot Camp
This is a fairly new and quickly expanding area of computer security and is expected to steadily increase in demand, making the overall job outlook right now at least a B+.
The salary of a vulnerability security research engineer will vary based on experience. Those just starting out usually earn around $60,000 to $70,000 per year (those working at an institution, such as a university or research facility, tend to have a higher starting salary). According to Simplyhired.com, a vulnerability research engineer has an average salary of $96,000 (as of 2017), based on at least 2-3 years of experience.