Junior Vulnerability Researcher

Role Characteristics

The role consists in performing state-of-the-art vulnerability research and exploit development.

Essential Duties and Responsibilities

  • Research vulnerabilities in web application, mobile application, desktop applications, network services and OT/ICS/SCADA software
  • Triage software crashes and identify exploitable vulnerabilities
  • Develop working proof-of-concept exploits
  • Write Vulnerability Intelligence Reports (VIR)

Required Knowledge and Skills

  • General knowledge of Windows Internals
  • Knowledge of network protocols (DNS, HTTP, SSH, RDP, etc.)
  • Knowledge of common exploit mitigations and how to bypass them (e.g. DEP, ASLR, CFG, etc.)
  • Strong understanding of the vulnerability discovery process
  • Strong understanding of the various types of memory corruption vulnerabilities
  • Ability to read and understand code written in Assembly, C/C++, PHP, NodeJS (JavaScript), Java and .NET
  • Ability to reverse engineer simple network protocols and write network fuzzers
  • Ability to discover vulnerabilities using static and dynamic analysis
  • Ability to use vulnerability research tools (e.g. IDA, Ghidra, WinDBG, WinAFL etc.)

Vulnerability Experience

Some demonstrated experience with at least half of the vulnerability classes listed below:

  • Stack Overflow
  • Use-After-Free
  • Heap Overflow
  • Race Conditions
  • Code Injection
  • Command Injection
  • SQL Injection
  • Authentication Bypasses

Qualities

Beyond his or her technical skills, the successful applicant should first and foremost be someone who is personable and good-natured, neatly presentable, and efficient. Strong communication skills, both verbal and written, as well as interpersonal skills be considered as best matches with the culture and environment of the Company.

The candidate’s work ethics should include dedication and conscientious awareness and focus to deliver the best outcomes.

Inquiries

To apply to work with Mossé Security, please email your curriculum vitae and contact details to [email protected].

NOTE: All candidates applying for technical roles must pass a technical assessment with Vetted Cyber Talent.
How to apply:

Email your curriculum vitae and contact details to [email protected].

Missing the skills required for this role?

Mossé Security operates Australia's largest corporate cybersecurity institute. We invite you to join our community of students and develop the skills that the industry is looking for. Click here to view our institute website.