Senior Vulnerability Research Engineer - exploits, 0-day, fuzzing

Tenable, Inc.

Your Role:

Tenable is looking for a Senior Research Engineer to join our 0-day security research team. This position will involve exploring the attack surface area of various software and systems, looking for new vulnerabilities, developing checks/plugins to detect these vulnerabilities via our products and coordinating disclosure of the 0-days found with vendors.

Your Opportunity:

  • Works on complex research and development initiatives
  • Implements advanced detection logic while minimizing false positives & false negatives
  • Participates in detection logic discussions and the research of new methods for detection
  • Interfaces with stakeholders on externalizing the outcomes of some of the research
  • Helps / trains other researchers, when needed

What you'll need:

  • Proven track record of discovering 0-day vulnerabilities<span< span="">
  • Keep abreast with the advancements and developments in the security industry and perform original research to keep our customers secure
  • Develop detection scripts for Tenable’s sensors (Nessus vulnerability scanner and others) based on the research findings
  • Research and develop methods of detection for additional services and products from different vendors
  • Demonstrably strong programming skills in one or more languages
  • Ability and experience in showcasing original research externally – via blogs, white papers, etc.
  • Ability to work independently as a researcher as well as part of a larger team
  • Experience working with multiple operating systems
  • Excellent written and verbal communication skills
  • Adaptable and able to shift priorities as needed
  • Meticulous in terms of quality & accuracy of work
  • Willingness to explore and learn
  • B.S. degree in Computer Science or a related field, or equivalent work experience
  • At least 5 years of R&D experience
  • In depth understanding of common security vulnerabilities, vulnerability classification, detection and exploitation techniques.
  • Reverse engineering experience including binary analysis, packet capture analysis, and firmware analysis (using binwalk or other). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb)
  • Experience with crash dump analysis and some exploit development.
  • In-depth protocol analysis and interaction. Expert level knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing
  • Some prior experience performing open-ended research when given high-level requirements and details of the desired output.
  • Experience with researching, discovering, and publishing vulnerabilities
  • Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and scripting languages
  • Experience writing blogs and whitepapers to showcase research as well as presenting at security conferences

We’re committed to promoting Equal Employment Opportunity (EEO) at Tenable - through all equal employment opportunity laws and regulations at the international, federal, state and local levels.