Security Engineer/Red-Blue team
We need cyber security experts who ooze cyber, can find out how to pwn then fix servers through supply chain exploits. A lot of our bread and butter comes from our ability to audit code, fuzz it, report issues, write exploits, dig deep into programming languages. Ideally you should have at least 2 CVEs under your belt, have used fuzzing, can read Assembly, is super highly ethical and honest. You should be able to pwn a system when given a non-random RNG and also understand the various forms of encryption. Our customers rely on us to help them out with the super complex aspects of their systems so we want the best of the best.
- Experience and victories at Capture The Flag (CTF) competitions
- At least 2 attributed CVEs
- Command and expertise in one of Go, C, C++, Java or Python
- Reverse engineering knowledge and experience
- Ability to explain a buffer overflow and use-after-free exploits
- Strong ethics, honesty and clear exhibits of it
- Ability to explain how Heartbleed manifested and how the exploit worked
- Ability to explain and build static analyzers
About the job
This job requires someone who can think offensively then plug problems defensively to protect various systems.
Supply chains are the weakest links and you will be in charge of building tooling to ease these analyses and defenses. We build critical infrastructure and your expertise is necessary in securing it.
Persistence and attention to detail are a MUST. We also work on secure and programming languages, memory safety doesn’t mean that there aren’t undiscovered exploits. Your job will be to find and fix these problems before anyone else does. You’ll also examine our systems and those of our customers. You’ll collaborate with the diverse teams that we have. You’ll also be expected to keep honing your skills and be active in development.
You should be able to succinctly explain how SSLStrip works, how a Man-In-The-Middle (MITM) attack works.