Senior Security Researcher
Posted on May 20, 2020 by Endeavour Recruitment
Endeavour Recruitment has an excellent opportunity for a Senior Security Researcher to join a global technology brand for a long-term contract. The successful candidate will be joining the team of security researchers, which offers an independent evaluation of the security measures in a product by attacking and reverse engineering the existing protections. This is a contract offering initial remote working, with the candidate required to be onsite Full time once things return to normality.
The team have been developing products in the areas of security for many years. They are responsible for anti-tampering, anti-debugging, obfuscation, security hardening and other protection measures to software applications running on different consumer devises. The team is also responsible for organising the cumulated knowledge about existing vulnerabilities and potential threats on specific targets. Auxiliary tools are developed as part of the execution and automation about existing vulnerabilities and potential threats on specific targets.
This position is available as either a contract or permanent role.
- Hands on security testing/reverse engineering (black/grey/White Box depending on the project)
- Performing vulnerability research on a variety of the clients Embedded devices (mostly ARM based) and windows-based products to identify previously unknown vulnerabilities affecting the products
- Identifying ways of bypassing license schemes and stripping off DRM systems used in products while recommending countermeasures against such kind of attacks
- Performing security source code review (mainly C/C++)
- Development of security assessment tools and PoCs for the identified vulnerabilities
- Writing clear vulnerability reports and provide guidance to the development teams on fixing the security issues
- Documentation of knowledge and findings in the form of guidelines, checklists and examples to be used by development teams.
- Experience with reverse engineering tools and techniques:
- Debuggers, decompilers, disaddemblers, deobfuscators
- Static and dynamic binary analysis, binary injection
- Packet sniffers
- Excellent analytical skills
- Good C/assembly development skills
- Experience with both Linux and Windows OS
- Anti-tamper tools and techniques
- Hardware attack vectors
- Malware analysis
- Cryptography (RSA, SHA, AES, )
- Understanding of security architecture of Android/iOS OS
- Networking protocols
If you are a Security Researcher looking for your role, please apply with your CV