Cleared Vulnerability Research Engineer

2 months ago
Full-time
Lead
Software Development
Bugcrowd

Bugcrowd

Bugcrowd provides a crowdsourced cybersecurity platform that connects organizations with elite security researchers to enhance security measures through managed bug bounty programs, penetration testing, and vulnerability disclosure initiatives.

Internet Software & Services
1K-5K
Founded 2012
$79M raised

Description

  • Design, develop, and validate novel vulnerability discovery and exploitation capabilities against complex software and systems.
  • Perform expert reverse engineering of binaries at the x86-64, ARM64, and related architecture levels using industry-standard tools.
  • Identify and exploit real-world vulnerability classes such as use-after-free, type confusion, integer truncation, and buffer overflow.
  • Discover new vulnerabilities in complex systems rather than only exploiting known issues.
  • Apply current vulnerability research to uncover new instances of known vulnerability classes.
  • Use both manual analysis and automated techniques such as fuzzing for vulnerability discovery.
  • Code and debug complex functions in C, Python, and Assembly.
  • Independently scope, research, experiment, validate, and iterate on research objectives.
  • Travel to customer sites and perform work on-site for extended periods as required.

Requirements

  • Experience with reverse engineering binaries using tools such as Binary Ninja, Ghidra, or IDA Pro.
  • Strong understanding of stack and heap objects and exploit-relevant vulnerabilities.
  • Demonstrated ability to discover new vulnerabilities in complex systems.
  • Experience with both manual analysis and automated vulnerability discovery techniques such as fuzzing.
  • Ability to code and debug in C, Python, and Assembly for x86-64, ARM, and similar environments.
  • Ability to independently translate an under-defined mission objective into a concrete technical capability.
  • Comfort operating with minimal supervision and incomplete problem definitions.
  • TS/SCI clearance required; inactive SCI is acceptable if SCI-clearable.
  • Ability to travel to customer sites as required and work on-site in cleared spaces for extended periods.
  • Experience with exploit development and vulnerability research is strongly implied as a core qualification.

Benefits

  • Base salary range of $154,800 to $193,500.
  • Eligibility for a discretionary bonus program or commission plan based on individual and organizational performance.
  • Remote work-from-home arrangement with travel to a customer location in Alabama.
  • Reasonable accommodations available for qualified individuals with disabilities.
  • Comprehensive background check process for positions involving sensitive information.
  • Opportunity to work in a collaborative, inclusive environment that values diverse backgrounds and perspectives.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Active Directory / Identity Engineer

Keywords Studios 10K-50K Internet Software & Services

Keywords Group is seeking an experienced Active Directory SME and Azure Identity Lead to guide company-wide identity architecture and support global IT across on-premises and cloud environments.

Active Directory Cybersecurity DHCP DNS PowerShell
13 hours, 23 minutes ago

Biology & Biophysics Researchers (India, Part-time)

Weekday 11-50 Construction & Engineering

An AI lab client is hiring part-time life science researchers to help train and evaluate frontier AI systems on advanced biological and biophysical reasoning.

Machine Learning
13 hours, 23 minutes ago

Senior Security Compliance Engineer

Klaviyo 1K-5K IT Services

Klaviyo is seeking a Senior Security Compliance Engineer to help its Security Trust & Risk team automate and scale compliance operations, continuous monitoring, and GRC tooling across a fast-growing AI-first B2C CRM platform.

AWS CI/CD Go HIPAA Kubernetes Python REST API SQL
14 hours, 8 minutes ago

Senior Research Engineer, Threat Intelligence

SecurityScorecard 251-1K IT Services

SecurityScorecard is hiring an engineering-focused Threat Intelligence team member to turn research findings into production-ready detections, feeds, and platform capabilities for STRIKE.

AWS CI/CD Cybersecurity Go Node.js Python Splunk SQL TypeScript
14 hours, 8 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers