Position Description
SAINT is looking for experienced, self-motivated vulnerability research engineers with expertise in security research and development of vulnerability checks, exploits, penetration testing tools and remediation guidance. Key responsibilities will include: researching and tracking the latest published vulnerabilities; analysis of vendor-supplied patches and remediation guidance; and development of vulnerability check signatures and remediation content. Reverse engineering and exploit development experience, a plus. Candidate must be authorized to work for employer in the United States.
Required Skills & Qualifications:
- Python, C or PERL expertise in a Linux environment.
- Comfortable utilizing network sockets to implement common application protocols (HTTP, SSL, FTP, DNS, SMB, LDAP, RPC, etc.)
- Familiar with common Application Layer content formats, such as HTML, XML, CSS, etc.
- Experience with modern web service technologies a plus – i.e., AJAX, SOAP RPC, JSON, RESTful architectures, etc.
- Technical understanding of basic software security pitfalls, such as stack overflows, heap overflows, null-pointer dereferences, SQL injection, cross site scripting, directory traversal, etc.
Required Education and Experience:
- Education: Bachelor Degree in Computer Science or equivalent experience and training.
- 4+ year of experience with Linux
Additional/Preferred Qualifications:
- Familiar with vulnerability exploitation techniques, such as NOP sleds, heap spraying, return-oriented programming, JIT spraying, etc.
- Static or run-time binary reverse engineering of client/server software.
- Recent experience related to mobile application security.
- Recent experience related to web application vulnerabilities and security weaknesses.