Junior Vulnerability Researcher

The role consists in performing state-of-the-art vulnerability research and exploit development.

• Research vulnerabilities in web application, mobile application, desktop applications, network services and OT/ICS/SCADA software
• Triage software crashes and identify exploitable vulnerabilities
• Develop working proof-of-concept exploits
• Write Vulnerability Intelligence Reports (VIR)

• General knowledge of Windows Internals
• Knowledge of network protocols (DNS, HTTP, SSH, RDP, etc.)
• Knowledge of common exploit mitigations and how to bypass them (e.g. DEP, ASLR, CFG, etc.)
• Strong understanding of the vulnerability discovery process
• Strong understanding of the various types of memory corruption vulnerabilities
• Ability to read and understand code written in Assembly, C/C++, PHP, NodeJS (JavaScript), Java and .NET
• Ability to reverse engineer simple network protocols and write network fuzzers
• Ability to discover vulnerabilities using static and dynamic analysis
• Ability to use vulnerability research tools (e.g. IDA, Ghidra, WinDBG, WinAFL etc.)

Some demonstrated experience with at least half of the vulnerability classes listed below:

• Stack Overflow
• Use-After-Free
• Heap Overflow
• Race Conditions
• Code Injection
• Command Injection
• SQL Injection
• Authentication Bypasses

Beyond his or her technical skills, the successful applicant should first and foremost be someone who is personable and good-natured, neatly presentable, and efficient. Strong communication skills, both verbal and written, as well as interpersonal skills be considered as best matches with the culture and environment of the Company.

The candidate’s work ethics should include dedication and conscientious awareness and focus to deliver the best outcomes.

Inquiries

To apply to work with Mossé Security, please email your curriculum vitae and contact details to [email protected].