Vulnerability Researcher

The Vulnerability Researcher is responsible for analyzing systems, software, architectures, and strategies to discover impactful, unknown vulnerabilities and security weaknesses, including those affecting AI/ML systems and AI-enabled technologies and services. This work proactively identifies classes of vulnerabilities and exploitation opportunities that inform mitigation strategies and secure design. 

The role involves performing manual source code review, binary analysis, vulnerability assessments, dynamic testing, threat modeling, and security architecture review. The researcher conducts ongoing analysis of real-world adversaries, exploitation methods, and emerging attack surface and offensive security techniques to guide research priorities. Development of custom tooling and automation is required to augment manual vulnerability discovery.

• Conducts research to identify highly impactful, unknown vulnerabilities in a wide variety of applications and technologies, including AI-enabled applications and services

• Performs vulnerability assessments using industry best practices on various environments, including web applications, APIs, and cloud infrastructure

• Develops and manages testing methodologies that adhere to common security guidelines and NIST standards

• Conducts an evaluation of cloud security configurations, identifies prevalent vulnerabilities in cloud security controls, and improves and maintains cloud testing standards
• Provides detailed reports with proof of vulnerabilities, guidance, and advice to support customer teams through vulnerability remediation
• Develops and communicates comprehensive and accurate reports and presentations for client stakeholders including technical staff and executive leadership 
• Maintains communication with management regarding development within assigned responsibilities and performs special projects as required
• Researches and develops innovative techniques, tools, and methodologies for vulnerability research and red team activities  

• Develops leadership-level communications, including management-specific metrics, white papers, procedures, thought position papers, etc.

• This list is not all-inclusive, and you are expected to perform other cybersecurity-congruent duties as requested or assigned

-    7+ years of work experience in the Cyber Security industry
-    Bachelor’s Degree in Computer Science or Management Information related field, or equivalent work experience
-    Understanding of all phases of adversary emulation operations including reconnaissance, social engineering, exploitation, post-exploitation, covert techniques, lateral movement, and data exfiltration
-    Extensive experience in offensive cybersecurity roles, such as red teaming, penetration testing (e.g., web, infrastructure, cloud), and purple team exercises in cloud and on-prem environments
-    A robust understanding of contemporary security theory and application exploitation techniques and attack vectors (including the vulnerability lifecycle and scanning methodologies (SAST, DAST, IAST, RASP))
-    Experience developing and managing testing methodologies that adhere to common security guidelines such as OWASP and frameworks such NIST 800 or MITRE ATT&CK
-    A solid understanding of computer architecture and organization with respect to binary analysis and exploitation
-    Ability to analyze, create, and debug shellcode and other low-level exploits
-    Experience developing custom security (either offensive or defensive) software in one or more compiled languages
-    Demonstrated abilities to reverse engineer binaries, enumerate vulnerabilities in compiled software, and provide working exploits (e.g., CVEs, public acknowledgements, or ability to demonstrate on demand)
-    Familiarity with automated security analysis and fuzzing tools (e.g., AFL and Peach)
-    Demonstrated ability to discover vulnerabilities via static analysis and source code review
-    A working understanding of key programming languages and frameworks (e.g., Java, Node.js, Python, JSP, etc.), including the ability to pick up new languages quickly, understand the security implications of those languages, and enumerate vulnerabilities in custom-developed software packages that leverage those languages
-    Familiarity with scripting/programming of Python, PowerShell, or C# with the ability to create and customize tools
-    Excellent written and verbal communication skills (technical writing, documentation development, process mapping, and visualization)
-    Must be able to communicate technical concepts to technical and non-technical audiences effectively and communicate well with people in various positions, roles, and levels
-    Strong analytical and problem-solving skills; ability to examine issues strategically and analytically
-    Ability to interact well with co-workers and outside contacts; ability to work collaboratively in a team environment
-    Ability to work on multiple, simultaneous initiatives and prioritize workload to meet commitments
-    Self-motivated with a strong sense of urgency, an adaptive mindset, and a demonstrated propensity to learn quickly

Base Pay Information
The national base pay range is a good-faith estimate of what Delta Dental may pay for new hires. Actual pay may vary based on Delta Dental’s assessment of the candidate’s knowledge, skills, abilities (KSAs), related experience, education, certifications and ability to meet required minimum job qualifications. Other factors impacting pay include prevailing wages in the work location and internal equity. $133,300 - $260,000

Behind the smile! We are dedicated to safeguarding the health and financial stability of our employees and their loved ones. This commitment extends beyond the workplace to foster personal growth and holistic wellbeing. Our life-changing rewards package includes:

• Competitive base and incentive pay 
• 401(k) with robust matching and non-matching contributions
• Rich medical & pharmacy benefits
• 100% employer-paid dental and vision benefits
• Holistic wellbeing program with deep financial incentives
• Generous paid time off plus 12 paid holidays and your birthday off
• Culture of growth and learning: career development; tuition reimbursement; recognition program
• Family support: adoption assistance, fertility treatment, child, elder & pet care assistance
• Social responsibility and volunteer opportunities
• Employee discount program

Fair Chance Ordinances and Criminal Background Considerations  This position requires that the applicant undergo a background check. Qualified applicants with arrest or conviction records will be considered for employment in accordance with any applicable federal, state or local laws, including, but not limited to, the California Fair Chance Act, the Los Angeles County Fair Chance Ordinance, the City of Los Angeles Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and/or New York Corrections Law Article 23-A.

Important Work Authorization Information  Please note, Delta Dental will not sponsor applicants for work visas for this position.
#LI-Remote