Share this Job

Senior Vulnerability Researcher

Apply now »

Date: 24-Feb-2021

Location: New York, US

Company: Lloyds Register

Job ID:31861
Location:New York : 50 Broad Street (LR_L000353) 
Position Category:Information Technology
Position Type:Employee Regular



About Nettitude


Nettitude, a Lloyd’s Register company, is an award winning provider of Cyber Security and Assurance, Incident Response and Technology services to organizations across the world.  We are at a very exciting stage both in terms of our company but also in the Cyber Security marketplace. We are looking for the right people to join us as we embrace the challenges thrown up by the advancements within the IT industry and within the threats faced. Nettitude will be at the forefront of this arena and we want to seek the right people to join the team and make it happen. Find out more about Nettitude at https://www.nettitude.com/ 


The role


Nettitude is looking to fill one senior role in our Research and Innovation department in order to bolster our capability in the field of Vulnerability research.  This will be a technically-challenging role, but for a candidate with the right skills it presents an exciting and rewarding opportunity to undertake state-of-the-art cybersecurity research.


What you’ll be doing


  • Our primary area of interest for vulnerability research is Microsoft Windows applications and device drivers, and in particular, commercial software that is likely to be found in an enterprise environment. The majority of research is expected to be internally-sponsored, usually with a view to responsible public disclosure, and with considerable scope for the successful candidate to shape the direction of research. There is also likely to be a small to moderate amount of commercially-funded work for third-party clients.
  • Exploit development is primarily directed towards supporting Nettitude’s Red Team with state-of-the-art attack tools for breaching enterprise IT environments. This includes developing payloads for establishing an initial foothold, and subsequent tooling for both lateral movement and actions on target. Red Team clients typically have a high level of technical sophistication, therefore it will be necessary to operate without detection in an environment that is very hostile to network intrusion.


Key skills:


Depending on the skills of the successful candidate there is scope to shape the role towards vulnerability research or exploit development, but some level of capability will be expected across both fields.


Essential skills and experience include:

  • Experience of finding vulnerabilities in Microsoft Windows applications and/or device drivers
  • Familiarity with exploit mitigation techniques on the latest Windows operating systems
  • The ability to reverse engineering x86/x64 executables and CLR assemblies
  • The ability to utilise debuggers and other dynamic analysis tooling for vulnerability research
  • A deep knowledge of Windows internals
  • Low-level coding skills (C++/C/assembly language)
  • Higher level coding skills (C#/VBA/Java/CPython/Python)
  • The ability to conduct research in an effective and accountable manner with minimal day-to-day supervision


Candidates would also be expected to have at least some of the following:

  • Familiarity with techniques for evading antivirus and Endpoint Detection & Response (EDR) software
  • Experience of other aspects of Red Team tradecraft and tooling
  • Experience of applying software engineering techniques for writing safe, effective and maintainable code
  • Experience in agile development environments and use of CI/CD pipelines
  • Experience of conference speaking, blog, whitepaper and briefing creation and delivery


What we offer:


We offer an exciting working environment with intellectual challenges, responsibility and the opportunity to undertake state-of-the-art cybersecurity research. An attractive remuneration package will be negotiated with the right candidate.




Are you interested in this job? Apply now via the ‘apply’ button and upload your C.V. and cover letter



Copyright © Lloyd's Register 2020. All rights reserved. Terms of usePrivacy policy.

The Lloyd's Register Group comprises charities and non-charitable companies, with the latter supporting the charities in their main goal of enhancing the safety of life and property, at sea, on land and in the air - for the benefit of the public and the environment. (Group entities)

Lloyd's Register logo

Job Segment: Engineer, Developer, Java, Software Engineer, Engineering, Research, Technology