Senior Security Researcher

Description

Company Overview:

Join XM Cyber, a global leader in hybrid cloud security. Our innovative approach leverages the attacker’s perspective to identify and remediate critical attack paths across both on-premises and multi-cloud environments. The XM Cyber platform empowers companies to quickly prioritize and mitigate cyber risks affecting their business-sensitive systems.

Job Description:

We are seeking a highly skilled and motivated Senior Security Researcher to join our dynamic team at XM Cyber. As a Senior Security Researcher, you will play a pivotal role in simulating real-world attack scenarios, identifying vulnerabilities, and contributing to the development of innovative security solutions. You will work alongside some of the best security experts in the industry, driving research initiatives and enhancing your knowledge of emerging threats and attack techniques.

Key Responsibilities:

• Conduct in-depth research and analysis of n-day vulnerabilities to assess risk and potential impact.
• Investigate attack vectors across various operating systems and cloud environments (IaaS/SaaS).
• Define and document mitigation strategies for discovered attack techniques, collaborating with development teams for implementation.
• Drive the integration of research findings into product features, ensuring enhanced security capabilities.
• Stay abreast of the latest security trends, technologies, and best practices to maintain expertise in the field.
• Collaborate with cross-functional teams to communicate and implement identified attacks, techniques, and solutions.
• Contribute to public security research through blog posts and potentially present findings at industry conferences.

Requirements

Qualifications:

• A minimum of 5+ years of experience in security research, penetration testing, red teaming, or related fields.
• Strong knowledge of adversary tactics, techniques, and procedures (TTPs).
• Proficiency with common protocols (e.g., TCP/IP, HTTP, LDAP, Kerberos, RPC, SSL, SSH) and deep knowledge of Windows, Linux, or macOS internals.
• Competence in programming languages such as C/C++, Java, TypeScript, or Python.
• Demonstrated ability to manage and drive complex research projects independently and collaboratively.
• Self-motivated, with a passion for continuous learning and professional development.

Preferred Qualifications:

• Bachelor’s degree in Computer Science or equivalent experience (military background is a plus).
• Familiarity with cloud platforms (AWS, GCP, Azure) and container orchestration systems like Kubernetes.
• Experience with developing, extending, or modifying exploits, shellcode or exploit tools.
• Reverse engineering skills, including familiarity with debuggers and disassemblers.
• Relevant industry certifications such as OSCP, OSCE, OSWE, or similar credentials.
• Experience in source code review to identify control flow and security vulnerabilities.