Loading...
 
Share this Job

Senior Vulnerability Researcher

Apply now »

Date: 04-Nov-2021

Location: Leamington Spa, GB, CV31 3RZ

Company: Lloyds Register

About Nettitude

 

Founded in 2003, Nettitude is an award-winning global provider of cybersecurity services, bringing innovative thought leadership to the ever-evolving cybersecurity marketplace. Through our research and innovation centres, we provide threat led services that span technical assurance, consulting and managed detection and response offerings.

To learn more, please visit https://www.nettitude.com/

 

 

The role

 

Do you love tearing binaries apart?  Does finding and exploiting critical vulnerabilities fill you with joy?  Do you know your heap from your stack?  Is being surrounded by smart and supportive peers really important to you? 

If you answered ‘yes’ to these questions then we have something for you.

We have spent the last few years developing a highly technical and highly driven research team.  Within that team, we have just created a new senior level position.  We’d love the opportunity to help you develop your impressive skills even further. 

You’ll find yourself engaging in cutting edge cyber security research alongside a high performing team of diverse and supportive peers. 

If this sounds interesting, keep on reading.  We’d love to welcome you to our team!

 

 

Location

 

This role is remote. Applicants will need to be resident and have the right to work in the UK.

 

What you'll be doing in your role:

 

As a senior vulnerability researcher within our research team, you’ll primarily be:

  • Searching for directly exploitable vulnerabilities in desktop and mobile software commonly used to support large organizations, especially in Microsoft Windows.
  • Creating exploits for both internally and externally discovered vulnerabilities.
  • Reverse engineering patches in enterprise grade software in order to discover newly patched vulnerabilities.
  • Supporting the development of our Command & Control (C2) software, with a particular focus on developing payloads. 
  • Creating content, such as blog posts, detailing your latest technical findings.
  • Working closely with a team of researchers and red teamers as a mutually trusted authority on security research.

The majority of our vulnerability research is internally sponsored.  As an expert in your field, you will help shape the direction of your research, based on industry trends and Nettitude objectives. 

Our vulnerability research is primarily designed to 1) showcase our technical capabilities 2) support our offensive security teams with delivering assurance services such as red teaming. 

We operate a coordinated disclosure policy to ensure there is a responsible and balanced approach towards ensuring user safety.  There may be occasions where vulnerability research is sponsored by a trusted third party or held internally for a longer period of time.  In all cases, we ensure ethical conduct is our top priority.  

You’ll be working closely with our red team to help ensure that we’re always able to mimic real threat actors by adopting various tactics, techniques and procedures, typically at a sophisticated level.  Your research and development will support our ability to continue providing top tier red team services to global organizations, as well as provide value to those in defensive security positions in the wider world.

 

 

Essential skills:

 

As a senior vulnerability researcher, you’ll have the ability to conduct high quality vulnerability research and exploit development. 

Essential skills and experience include:

  • A demonstrable history of identifying and exploiting vulnerabilities in Microsoft Windows applications and/or device drivers.
  • Expertise in exploit mitigation techniques on the latest Windows Operating Systems.
  • A deep knowledge of Windows internals.
  • The ability to reverse engineer x86/x64 executables and CLR assemblies.
  • The ability to utilize debuggers and other dynamic analysis tooling for vulnerability research.
  • Low level programming skills, e.g. one or more of C++, C, Assembly, etc.
  • Higher level programming skills, e.g. one or more of C#, VBA, Java, CPython, Python, etc.
  • The ability to conduct research in an effective and accountable manner.
  • The desire to be part of a diverse and inclusive team of experts who value and promote one another.

Certificates will be considered as a bonus, but they’re not essential.  You’ll be able to demonstrate practical technical skill and experience, with or without a certificate.

 

 

Desirable skills:

 

The following skills and experience are various levels of nice-to-have:

  • Reverse Engineering capability with architectures beyond x86/x64, e.g. ARM.
  • A demonstrable history of identifying and exploiting vulnerabilities in software commonly found in large organizations. 
  • Familiarity with techniques for evading Anti-Virus and Endpoint Detection & Response (EDR) software.
  • An understanding of mobile device security across various operating systems and hardware.
  • Red Team tradecraft and tooling.
  • Applying software engineering techniques for writing safe, effective and maintainable code.
  • Agile development environments and use of CI/CD pipelines.
  • Conference speaking, blog creation and whitepaper creation.

Anything else that could reasonably be highlighted as useful for this role would be carefully considered.  If you feel you have skills that supplement this list, you’re encouraged to highlight them to us.

 

 

What we offer:

 

There are lots of good reasons to come and work for our research team here at Nettitude.

We focus on our people and on opportunities.  It’s important to us that our people genuinely feel part of something important and that they have continuous opportunity to learn and develop.  We always have bold plans that are expertly met, which simply wouldn’t be possible without our great team. 

Specifically, every person who works with us can expect:

  • To be a valued member of an inclusive, supportive and high performing team.
  • To be part of an exciting environment that presents continuous intellectual challenges.
  • The opportunity to attend conferences and training in an array of both technical and non-technical areas.
  • The opportunity to mentor and to be mentored.  Personal and technical growth is really important to us.
  • Access to a wide array of tooling; both private and public; both free and commercial.
  • Competitive and regularly reviewed remuneration.
  • Career development opportunities in a multitude of directions and with our utmost support.

If you believe there’s a mutual fit then we’d love to hear from you.

 

 

Apply?

 

Are you interested in this job? Apply now via the ‘apply’ button and upload your C.V. and cover letter


Job Segment: Engineer, Consulting, Developer, Java, Research, Engineering, Technology