Title: Security Researcher / Vulnerability Specialist
Location: US-CA-San Francisco
Targeted Start: 11/7/2012
Travel Required: Not Required
Overview:
This is a technical leadership position with direct reports and is third-party facing. Technical responsibilities include vulnerability research and individual assessments of everything from SCADA systems to mobile applications.
Location: Downtown San Francisco, CA
Responsibilities:
Qualifications:
- Experience doing security research and performing vulnerability analysis, usually gained over 6-8 years.
- Extensive experience doing network protocol analysis, with and without network tools such as Wireshark.
- Expertise in understanding common security vulnerabilities, with enough technical expertise to perform the following:
  - Buffer overflow attacks.
  - SQL injection attacks.
  - Teardrop and packet fragmentation attacks.
  - SMTP attacks.
- Experience working as a team lead, typically gained from 1-3 years.
- Experience with security consulting (from 1-3 years) preferred.
- Strong technical understanding of vulnerabilities and how attackers can exploit vulnerabilities to compromise systems, including systems level knowledge of:
  - Microsoft Windows platforms.
  - UNIX platforms.
  - Common networking platforms.
- Knowledge of vulnerability sources such as SANS, US-CERT, commercial vendors (Symantec, SecureWorks, IBM, etc.).
- Strong analytical ability with readiness to defend analysis in the face of countervailing opinions.
- Knowledge of paid intelligence sources such as Verizon iDefense, RiskIQ, Critical Intelligence, Cybertrust.
- Ability to work effectively with an incomplete data set; willing to apply logic and academic rigor to make sound analytical leaps.
- A quick study of new technologies, industries and scenarios.
- Strong presentation and verbal communication skills.
- Experience with the government or utility industry preferred.
Desired Certifications:
- CISSP certification required (or in progress).
- General security certifications (such as Certified Ethical Hacker, CEH) preferred.
- General professional network certifications (CCNP, JNCIS, et al.) preferred.