You are viewing a preview of this job. Log in or register to view more details about this job.

Security Researcher (10875)

While this is an Individual contributor role, you’ll be involved in working with the Fortinet’s FortiGuard Labs team to do Responsibly Disclosed Security Research and thereby let the Vendor, Public including our Customers know your research findings.
  • Discover new Exploitation Techniques or Attack Vectors.
  • Discover new Zero-Day Exploits/Vulnerabilities.
  • Discover vulnerabilities or weaknesses in popular frameworks or products.
  • Write Proof of Concept exploits for vulnerabilities.
  • Work with development team to fix the discovered vulnerabilities.
  • Analyze new attacks, attack surfaces.
  • Write Security-related Blog, Paper, Exploit Analysis, etc.
  • Stay up to date on the latest exploitation techniques.

Requirements:
  • At least 3 years of experience in Security or Vulnerability Research.
  • Reverse engineering experience including binary analysis, and firmware analysis (using binwalk or other) Prior experience with dynamic analysis debuggers (e.g. OllyDBG, WinDBG), disassemblers or decompilers (e.g. IDA Pro.)
  • Penetration testing web application and attack analysis experience using tools including Burp Suite, Fiddler, or Metasploit, etc.
  • Experience in writing Proof of Concept exploits for vulnerabilities.
  • Familiar with Top Web Application Security Risks/Vulnerabilities and attack techniques in MITRE ATT&CK matrix.
  • Solid knowledge of programming languages Experience writing code in PHP, Java, C/C++ JavaScript and/or Python.
  • Familiar with Database languages.
  • Familiar with popular Web Server software (e.g. Nginx, Apache, IIS) and Web Application Frameworks.
  • Knowledge of OS Internals & networking protocols such as TCP/IP, DNS, HTTP, Scada, IoT, etc.
  • Self-directed, Self-motivated with the ability to work with minimal supervision and be Productive.
  • Good communication skills and a team player
  • Proven analytical and problem solving skills and out-of-the-box thinking.
  • CTF, Bug-Bounty or proven Multiple public records of Vulnerability Disclosure (e.g. CVEs) is a strong plus.

Education:
   Bachelor or Master of Computer Science or Electrical/Computer Engineering.

Please note, this role is hybrid.

For further questions, you may directly reach out to the Recruiter, Bhavya Mohan, at bmohan@fortinet.com.