Montana Veteran Jobs


Job Information

Trellix Advanced Threat Research - Senior Vulnerability Researcher in Helena, Montana

Job Title:

Advanced Threat Research - Senior Vulnerability Researcher

Role Overview:

The Advanced Research Team focuses on leading edge security research. The larger ATR organization is tasked with discovery and analysis of critical vulnerabilities, malicious actors, campaigns, and cutting-edge attack techniques. This position is focused on zero-day vulnerability research and analysis.

Trellix Enterprise Advanced Threat Research – Senior Vulnerability Researcher

This position will be challenging yet highly rewarding. Candidates will be expected to use their development and analytical skills to drive meaningful vulnerability research while exploring new research tools and techniques. A successful candidate will be able to mentor junior researchers, drive new research and approach problems from multiple angles with little direction while at the same time effectively communicating their process and findings to others.

Examples of prior research disclosed by ATR can be found on our website:

https://www.mcafee.com/enterprise/en-us/threat-center/advanced-threat-research.html

As a senior member of the team, the researcher can expect a certain degree of freedom in research target selection aligned with their expertise and interests while still within the verticals the team is keen on exploring. Depending on the scope of the selected targets, research projects can spread from weeks to months and often involve collaboration with one or more teammates. Researchers are expected to participate in the Trellix responsible vulnerability disclosure process for each finding. Sharing findings internally and publicly is equally important. This can take the form of blog posts and/or conference talks once the responsible disclosure process is concluded.

Requirements:

  • Strong procedural programming skills, and extensive development experience in OO languages including C/C++. Highly proficient in one or more scripting languages such as JavaScript, Python, Perl, Bash, or Ruby.

  • Strong *nix and Windows experience. Candidates should be very comfortable using command line tools, and understanding operating system essentials such as memory management, kernel and user mode, 3rd party software/drivers, and more.

  • Networking experience – ability to read and dissect network traffic and packet structure, ideally experience using network tools such as Wireshark, Scapy, and more.

  • Solid understanding of vulnerabilities including techniques, mitigations, and exploitation

  • History of original vulnerability disclosure findings – discovery, analysis and ideally exploitation

  • Proficiency in reverse engineering – knowledge of assembly, various architectures such as ARM, MIPS, x86 etc., static/dynamic

  • Experience using industry security tools: IDA Pro/Ghidra, Windows/Linux debuggers, Wireshark and much more

  • Strong technical writing skills – experience delivering technical content in a variety of formats including blogs, whitepapers, conference presentations, and more

  • Researcher mentality – driven to find and explore security issues or implementations, and corresponding ability to analyze and present findings

  • Candidates should be able to adapt to new problems and learn new skills to solve them

  • Ability to interface with multiple internal and external entities for collaboration and problem solving

Beneficial, but not required:

• Machine learning, data science experience using multiple industry standard algorithms and concepts (DNN, Linear/Logistic Regression, reinforcement learning, etc.) and tools (Anaconda, Python Notebooks, Jupyter, etc…)

• Cloud and/or mobile vulnerability research or analysis experience

• Previously presented at mainstream conferences such as Blackhat, Defcon, etc.

Company Benefits and Perks:

We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

  • Pension and Retirement Plans

  • Medical, Dental and Vision Coverage

  • Paid Time Off

  • Paid Parental Leave

  • Support for Community Involvement

We're serious about our commitment to diversity which is why we prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.
