Cleared Vulnerability Research Engineer

1 month, 1 week ago
Full-time
Lead
Software Development
Bugcrowd

Bugcrowd provides a crowdsourced cybersecurity platform that connects organizations with elite security researchers to enhance security measures through managed bug bounty programs, penetration testing, and vulnerability disclosure initiatives.

Internet Software & Services
1K-5K
Founded 2012
$79M raised

Description

  • Design, develop, and validate novel vulnerability discovery and exploitation capabilities against complex software and systems.
  • Perform expert reverse engineering of binaries at the x86-64, ARM64, and related architecture levels using industry-standard tools.
  • Identify and exploit real-world vulnerability classes such as use-after-free, type confusion, integer truncation, and buffer overflow.
  • Discover new vulnerabilities in complex systems rather than only exploiting known issues.
  • Apply current vulnerability research to uncover new instances of known vulnerability classes.
  • Use both manual analysis and automated techniques such as fuzzing for vulnerability discovery.
  • Code and debug complex functions in C, Python, and Assembly.
  • Independently scope, research, experiment, validate, and iterate on research objectives.
  • Travel to customer sites and perform work on-site for extended periods as required.

Requirements

  • Experience with reverse engineering binaries using tools such as Binary Ninja, Ghidra, or IDA Pro.
  • Strong understanding of stack and heap objects and exploit-relevant vulnerabilities.
  • Demonstrated ability to discover new vulnerabilities in complex systems.
  • Experience with both manual analysis and automated vulnerability discovery techniques such as fuzzing.
  • Ability to code and debug in C, Python, and Assembly for x86-64, ARM, and similar environments.
  • Ability to independently translate an under-defined mission objective into a concrete technical capability.
  • Comfort operating with minimal supervision and incomplete problem definitions.
  • TS/SCI clearance required; inactive SCI is acceptable if SCI-clearable.
  • Ability to travel to customer sites as required and work on-site in cleared spaces for extended periods.
  • Experience with exploit development and vulnerability research is strongly implied as a core qualification.

Benefits

  • Base salary range of $154,800 to $193,500.
  • Eligibility for a discretionary bonus program or commission plan based on individual and organizational performance.
  • Remote work-from-home arrangement with travel to a customer location in Alabama.
  • Reasonable accommodations available for qualified individuals with disabilities.
  • Comprehensive background check process for positions involving sensitive information.
  • Opportunity to work in a collaborative, inclusive environment that values diverse backgrounds and perspectives.

