Cyber Vulnerability Researcher – Penetration Tester
Posted on Feb 2, 2019 by Anonymous
I am currently recruiting for an experienced Penetration Tester within Cyber Vulnerability to work on a permanent basis for my Defence client based in Gloucester.
As the Cyber Vulnerability Researcher you will be required to work on a large range of projects including reverse engineering and complete write ups passing on the knowledge of development testing. The main responsibilities are as follows;
* Conduct research and analysis of new vulnerabilities in software, firmware, devices and systems.
* Review, isolate, analyse and then reverse-engineer programs that are vulnerable or malicious code to determine and understand the specific nature of the threat.
* Document specific attack capabilities of specimens exploits (code, virus, etc.) and understand the concepts involved.
* Create a detailed technical report concerning the threat, along with proof of concept code.
* Maintain current knowledge of published vulnerabilities and on current and potential attacks and prepare counter-measures.
* Provide guidance to others about how to detect identified threats and defend against them in a timely manner.
* Analyse common network services and software applications to discover new and potential vulnerabilities
Key Skills/ Experience
* Static and dynamic code / process analysis.
* Vulnerability research, reverse engineering using appropriate tools
* Penetration testing.
* Extensive knowledge of C/C++, python, assembly language or additional scripting and programming languages.
* Currently hold or be willing to undergo SC clearance
* At least a bachelor's degree in computer science or similar subject.
* Experience within the industry.
* Experience with system security and de-bugging experience in C (Unix and/or Windows environments).
* Relevant experience involving WinDbg, OllyDbg, BinDiff and IDA Pro.
* In-depth knowledge of TCP and IP protocols.
* Experience with signature development and penetration testing, along with writing exploit code.
* Knowledge of fault injection frameworks or fuzzing and virtualization
The People Pod