Senior Security Research Engineer

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

We are seeking a passionate and detail-oriented Senior Security Research Engineer to join our Vulnerability Research Development team. As a Senior Security Research Engineer, you will be part of a motivated engineering research team that is responsible for the research, development, and delivery of detection signatures for our vulnerability scanning products. This role requires close collaboration with cross-functional teams to implement complex features. This opening is your opportunity to work in the rapidly expanding field of computer security with a company with excellent customer ratings and outstanding growth rates.

Responsibilities:
- Research vulnerabilities in the areas of applications, operating systems, databases, TCP/IP protocols, network devices, and various services.
- Develop, test, and maintain high-quality detections to detect known vulnerabilities and 0-day threats.
- Research new and emerging technologies to identify vulnerabilities and exploits.
- Collaborate with security researchers, product teams, and QA engineers to ensure the timely delivery of detection content.
- Research Zero-day vulnerabilities and actively attack vulnerabilities to deliver fast detection content within hours of vulnerability disclosure.
- Identify and streamline repetitive workflows for efficiency.
- Participate in code reviews for signatures, tools, and automation scripts.
- Stay up to date with the latest CVEs, advisories, and security intelligence feeds.
- Work with our Customer Support and Research teams to troubleshoot and triage customer issues such as false positives and false negatives.

Qualifications:
- 5+ years of industry experience in network and systems security.
- In-depth knowledge of TCP/IP, SSL, HTTP, FTP, SSH, DNS and others.
- Knowledge of OWASP top 10 and familiarity with other web-based attacks.
- Proficiency in at least one scripting language (Python, Bash, Go).
- Ability to quickly analyze proof-of-concepts, or exploits and translate them into accurate signatures.
- Experience with network analysis tools, and analysis of packet captures.
- Knowledge of different Databases (Oracle, DB2, etc.) and system Administration.
- Ability to shift priorities as needed.
- Strong understanding of VPN, Firewalls, Intrusion detection systems (IDS), and security tools.
- Excellent written and verbal communication skills.

Additional Plus Competencies:
- Understanding of Lua (preferred), or Python.
- Proficient with regular expressions.
- Knowledge of Virtualization software (VMWare, Virtual PC/Virtual Box, XEN, etc.).
- Knowledge of Cloud Platforms (AWS, Azure, Oracle, etc.).
- Knowledge of container technologies such as Docker and Kubernetes.
- Able to handle projects independently.
- OSCP, CISSP, or SANS GIAC certifications.