Key Responsibilities
- Researches and monitors new vulnerabilities, attacks and exploits on infrastructure components and / or software;
- Performs analysis on the exposure of our current infrastructure and components against newest vulnerabilities and threats on the infrastructure and/ or application layer;
- Writes up advisories based on analysis of vulnerabilities;
- Writes up papers / analysis on technologies and solutions deployed as relates to current exposure on known vulnerabilities and provides recommendations for remediation activities and applicable controls required;
- Engagement with the other teams to secure the impacted assets and components until the remediation;
- Presents complex security issues and vulnerability analysis to a variety of audiences, including senior executives;
-
Researches existing exploit code for new and critical vulnerabilities and/or develops proof-of-concept exploit code for test and evaluation of mitigations solutions;
-
Testing out ideas and automating code for new and critical vulnerabilities using a solid, virtual lab;
-
Reverse engineering intricate systems and protocols vulnerabilities;
-
Improving upon proof of concept code to demonstrate vulnerabilities;
-
Cultivates the practice of staying abreast on latest trends and developments in vulnerability research, tools and solutions, threat intelligence and remediation activities followed across industry;
-
Develop and maintain a vulnerability assessment database/repository.
Functional/technical requirements:
- A degree in Information Technology, Information Security or related major and 4-6 years of direct experience in the field of cybersecurity;
- Familiarity with operating system internals and exploit mitigation techniques;
-
Development experience in a high-level language (C/C++, Python);
-
Experience in threat and vulnerability management, and penetration testing;
- Experience developing custom software tools to assist in performing reverse engineering and vulnerability analysis;
-
Excellent problem-solving skills with the ability to diagnose and troubleshoot technical issues;
-
Excellent verbal, written communication and presentation skills to present complex security issues and vulnerability analysis;
-
Collaborative / team player, self-driven, independent and customer-oriented;
- Good technical aptitude, problem solving and ability to quickly learn and master new topics and domains;
- Candidates must be able to work independently and demonstrate exceptional organizational and time management skills;
- CISSP or similar certification advantageous.
