Job Description
- Conduct cyber risk assessments (red team engagements) in support of technology initiatives to emulate APT adversary scenarios, and help identify IT-related risks and determine appropriate controls to mitigate them
- Monitor, track, and manage unknown risk mitigations and exceptions, and ensure adequate monitoring capability is incorporated into solutions
- Research undiscovered (0-day) vulnerabilities in different IT infrastructures, including operating systems (Windows/Linux), cloud native (Kubernetes/Docker), network devices (routers/switches/firewalls/VPNs), and endpoint management (VMware Workspace ONE/IPMI)
- Deliver exploit code and plugins for identified vulnerabilities
Requirements
- Bachelor’s degree or higher in Computer Science, Information Technology, Programming & Systems Analysis, Engineering, Statistics, or other related fields
- Minimum 3 years of relevant work experience
- Hands-on experience in writing standalone PoCs of infrastructure vulnerabilities, including writing exploit code based on known PoCs of vulnerability descriptions
- Familiarity with common vulnerability classes such as buffer overflows, command injection, and insecure deserialization
- In-depth understanding of modern security mitigations and methods to bypass them (e.g. stack cookies, SafeSEH, DEP, ASLR, CFG)
- In-depth understanding of the security mechanisms of Windows/Linux systems, and familiarity with offensive techniques in ring0/ring3
- Experience in vulnerability analysis, fuzzing, reverse engineering, or advanced exploitation techniques, with proficiency in tools such as IDA Pro, OllyDbg, WinDbg, GDB, Burp Suite, etc.
- Proficient in programming languages like Python, Go, or Java
- Strong communication skills and effective teamwork
- Self-starter with the ability to learn quickly