Job description

JOB DESCRIPTION

We are seeking a highly skilled and detail-oriented Security Research Engineer to join our growing Product team. As a key member of our organization, you will play a critical role in ensuring the accuracy, clarity, and completeness of our technical documentation. Who can collaborate with our superstar engineering team, work with cutting-edge technologies, and contribute to building world-class platforms and applications that redefine how people engage with cybersecurity.

Requirements

ROLE AND RESPONSIBILITIES

Think like an adversary, probe, and identify potential attack vectors.
Analyze, design, implement, test, and maintain attack simulation scenarios that include adversarial tactics, techniques, and procedures (TTPs), vulnerability exploits, malware payloads, etc.
Stay abreast of the latest offensive strategies, cybersecurity defenses, technologies, methodologies, policies, and breaches.
Identify zero-day vulnerabilities, latest exploits, common vulnerabilities, various attack patterns, and tactics.
Deploy and configure the test infrastructure for the development and testing of simulation payloads.
Develop and integrate Sigma, Yara, and Snort signatures for detecting and mitigating the payloads created.
Deliver technical analysis based on simulation results.
Ensure that all attack payloads adhere to defined success criteria, capturing key indicators of success or failure.
Work closely with other engineering teams to ensure smooth integration of payloads into the platform.

QUALIFICATIONS AND EDUCATION REQUIREMENTS

Proficient in one or more scripting languages such as Python, PowerShell, Bash, and Shell.
Strong background in Offensive Security, Red Teaming, Ethical Hacking, application security, infrastructure security, and breach & attack simulations.
Hands-on experience in developing Sigma, Yara, and Snort signatures.
Deep knowledge of attack vectors, adversarial tactics, techniques, and procedures (TTPs), and how they apply to network, cloud, application, Windows, and Linux environments.
Strong understanding of common vulnerabilities and exploits, with the ability to create payloads for a wide variety of attack scenarios.
Experience with Bug Bounty programs and/or Breach & Attack Simulation (BAS).
Ability to think critically and out-of-the-box when identifying attack scenarios and vulnerabilities.
Excellent verbal and written communication skills.
Familiarity with the latest trends in cybersecurity, vulnerabilities, and mitigation techniques.
A self-starter with a growth mindset and a willingness to continuously learn and improve.
Strong logical and analytical skills.
Hands-on experience with tools like Metasploit, Burp Suite, Cobalt Strike, and similar red-team tools.
Experience with cloud infrastructure (AWS, Azure, GCP) and cloud-specific security challenges.
Ability to integrate and automate payloads in a continuous delivery pipeline.
Understanding of detection technologies (IDS/IPS, SIEM, EDR) and bypass techniques