SECURITY RESEARCHER / VULNERABILITY SPECIALIST

SECURITY RESEARCHER / VULNERABILITY SPECIALIST

Targeted Start: 11/7/2012

Travel Required: Not Required

Overview

This is a technical leadership position with direct reports and is third party facing. Technical responsibilities include vulnerability research and individual assessments of everything from SCADA systems to mobile applications.

Location

Downtown San Francisco, CA

Responsibilities

• This is a technical leadership position with direct reports and is third party facing.
• Technical responsibilities include vulnerability research and individual assessments of everything from SCADA systems to mobile applications.

Qualifications

• Experience doing security research and performing vulnerability analysis, usually gained over 6-8 years.
• Extensive experience doing network protocol analysis, with and without network tools such as Wireshark.
• Expertise in understanding common security vulnerabilities, with enough technical expertise to perform the following: buffer overflow attacks; Teardrop and packet fragmentation attacks.
• Experience working as a team lead, typically gained from 1-3 years.
• Experience with security consulting (from 1-3 years) preferred.
• Strong technical understanding of vulnerabilities and how attackers can exploit vulnerabilities to compromise systems, including systems level knowledge of Microsoft Windows platforms, UNIX platforms, and common networking platforms.
• Knowledge of vulnerability sources such as SANS, US-CERT, commercial vendors (Symantec, SecureWorks, IBM, etc.).
• Strong analytical ability with readiness to defend analysis in the face of countervailing opinions.
• Knowledge of paid intelligence sources such as Verizon iDefense, RiskIQ, Critical Intelligence, Cybertrust.
• Ability to work effectively with an incomplete data set; willing to apply logic and academic rigor to make sound analytical leaps.
• A quick study of new technologies, industries and scenarios.
• Strong presentation and verbal communication skills.
• Experience with the government or utility industry preferred.

Desired Certifications

• CISSP certification required (or in progress).
• General security certifications (such as Certified Ethical Hacker, CEH) preferred.