Offensive Security Researcher

About The Position

Requirements

• Proven experience in offensive security research (CVE's, publications, patents, tools, bounties) with demonstrated responsible disclosure practices.
• Strong skills in reverse engineering and automation (IDA, Ghidra), fuzzing (AFL, WinAFL, Syzcaller), and exploitation (ROP, memory corruption).
• Understanding of modern embedded cryptography and common security issues.
• Experience with ARM/X86/RISCV assembly (including shellcode development) and low-level C programming.
• Understanding and experience with micro-architectural attacks (side channels, fault injection, etc).
• Demonstrated skill for secure code reviews of complex source projects and exposure to code quality practices (SDL, threat modeling).
• Comfortable working collaboratively and remotely with others to accomplish complex team goals.
• BS/BA degree or equivalent experience.
• 12+ years in a security related field.

Nice To Haves

• Navigating complex platform concerns and ability to analyze composed systems to identify high risk components and established testing targets and objectives.
• Practical skills using Hex-Rays IDA Pro and plugin/loaders development (or similar experience with Ghidra).
• Leveraging innovative strategies and AI advancements to accelerate discovery and resolution of security risks.
• Experience with enclave models such as NVIDIA CC, ARM TEE, Intel SGX/TDX, AMD SEV-SNP and other isolation technologies.
• Development and integration of AI tooling and skills to accelerate and improve activities and experience with offensive actions targeting AI models (LLM or other) components within those platforms.

Responsibilities

• Identify vulnerabilities in embedded firmware and critical system software, building proof of concepts, and collaborating with development teams to remediate them.
• Invest in improving current tools and offensive practices for bug discovery and evaluation while supporting remediation efforts.
• Simulate real attacker behaviors, break systems by exploiting design assumptions, and effectively communicate findings for action.
• Increase resilience of end products against all forms of attack through close collaboration with extended SW and HW offensive security teams.
• Work on products that span HPC data centers, consumer electronics, autonomous platforms, AI/cloud solutions, and a variety of embedded/IOT platforms.

Benefits

• Base salary range of 224,000 USD - 356,500 USD for Level 5, and 272,000 USD - 425,500 USD for Level 6.
• Eligibility for equity and benefits.