Research Engineer

Your Role:

The Research Engineer will be involved with researching existing vulnerabilities, looking for new vulnerabilities, and developing checks/plugins to detect these vulnerabilities via our products.
Your Opportunity:

• Works on advanced research and development initiatives
• Implements detection logic and scripts while minimizing false positives & false negatives
• Participates in detection logic discussions and the research of new methods for detection
• Helps other researchers on the team, when needed
• Develop detection scripts for Tenable’s sensors (Nessus vulnerability scanner and others) based on the research findings
• Keep abreast with the advancements and developments in the security industry and perform research to keep our customers secure
• Research and develop methods of detection for additional services and products from different vendors
• May perform other duties and responsibilities that management may deem necessary from time to time

What You'll Need:

• B.S. degree in Computer Science or a related field, or equivalent work experience
• Good programming skills in at least one language
• Ability to operate independently with minimal supervision as well as collaborate and work with others as part of the larger research team
• Experience working with multiple operating systems (proficiency with Linux a must)
• Outstanding written and verbal communication skills
• Strong attention to detail and able to shift priorities as needed
• Willingness to explore and learn
• At least 2 years of R&D experience
• Ability to sit and work at a computer for extended periods of time
• Some travel may be required

And Ideally:

• In depth understanding of common security vulnerabilities, CVSS scoring, vulnerability detection, exploitation and classification techniques
• Strong knowledge of networking services, common protocols, etc.
• Experience with search engines such as Shodan and Censys
• Some experience with pen-testing, researching, discovering, and publishing vulnerabilities
• Some reverse engineering experience including basic binary analysis, packet capture analysis, and firmware analysis (using binwalk). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb)
• Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and / or scripting languages
• One or more security related certifications (e.g. OSCP)
• Experience with systems administration and be comfortable working at the command line
• Understanding of common security vulnerabilities, vulnerability classification, detection and exploitation techniques
• Reverse engineering experience including binary analysis, packet capture analysis, and firmware analysis (using binwalk or other). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb)
• Experience with crash dump analysis and some exploit development
• In-depth protocol analysis and interaction. Knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing
• Some prior experience performing open-ended research when given high-level requirements and details of the desired output
• Experience with researching, discovering, and publishing vulnerabilities
• Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and scripting languagesSome experience writing blogs and whitepapers to showcase research as well as presenting at security conferences

#LI-KM1

#LI-Remote