Responsibilities:
1. On going vulnerability research in existing in-house & open source products
2. Report discovered vulnerabilities to development departments
3. Find 0-day vulnerabilities in existing products
4. Develop exploits for in-house products for testing & POC purposes
5. Help improve the security of in-house products by enhancing security layers.
The Skills:
To be successful in this role you should meet the following requirements:
● At least 3 years experience in security research
● A passion for IT Security, you get a thrill out of seeing how the latest exploit is set up, you love learning about new SIEM solutions and you’ve read all about Mitnick!
● Experience with vulnerability research; from hardware to software, white to black box, off the shelf to custom tooling kits.
● Scripting experience; again it doesn’t matter if you prefer Ruby to Python, it’s all about getting the job done and knocking up scripts / code to make your life easier / more automated.
● Core security knowledge; either commercially or in your home lab you’ve played around with Nmap, Nessus, Metasploit etc and are used to it that you can remember command lines quicker than you can your mobile phone number!
● Good understanding and knowledge of common industry cyber security frameworks, standards and methodologies, including; OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards.
● An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative and actionable manner.
● Proven ability to collaborate across industry, academia and government to solve complex cyber security problems.