Ios Vulnerability Researcher - Remote: To 200K + Large Bonus

Stanleyreid Washington , DC 20001

Posted 2 months ago

Our client's products are being used to solve crimes all over the United States that could not be solved before. You can utilize your skills as either a Vulnerability Researcher or a Low-Level CNO Developer / Reverse Engineer to help break up human trafficking rings, solve crimes against children, and bring murderers to justice.

Founded by Vulnerability Researchers from both the commercial sector and the US Intelligence Community, our client is a small, growing, self-funded mobile device forensics and exploitation product firm that works with federal, state, and local law enforcement throughout the US. Joining this firm offers you the ability to work from home and to collaborate with strong Low-Level Engineers and Researchers to make a huge impact on very important problems. You'll also enjoy a top salary, strong benefits, and a bonus program based on the value you add and the impact you create.

Our client is seeking strong Vulnerability Researchers to conduct long-term research projects (typically 3-6 months in length) to find vulnerabilities, triage them, develop exploits, and help incorporate those exploits into the forensics / exploitation platform. Once you develop an exploit, you "own" it, and you can reap large financial rewards.

In addition to a top salary and benefits, you receive a significant percentage of revenue generated based on the exploits you develop. Very large bonuses are possible. The more value you produce, the more you are rewarded. To be considered for this role, you must be a US citizen or Permanent Resident (Visa holders cannot be considered). This is a REMOTE position, so anywhere in the US is acceptable.

cjobs-cat:"IT - Software"

11384



icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Cyber Security Vulnerability Management Analyst

Exelon

Posted 1 week ago

VIEW JOBS 9/11/2020 12:00:00 AM 2020-12-10T00:00 Job Description Description PRIMARY PURPOSE OF POSITION: The Cyber Security Vulnerability Management Analyst will be expected to assist with conducting formal tests on web-based applications, networks, and other types of computer systems on a regular basis, and determines/documents deviations from approved configuration standards and/or policies. This role will also be expected to assist with work on physical security assessments of servers, computer systems, and networks. This role will provide technical expertise and assistance with the development of Vulnerability Mitigation and Remediation Plans for SCADA systems, and will recommend appropriate mitigations and/or remediation efforts. This position requires demonstrated knowledge in supporting the hardware and software solutions required to perform NERC-CIP-010 Vulnerability Assessments and will assist with the vulnerability assessment process. Along with these assessments, this role will participate in regular security vulnerability assessments from both a logical/theoretical standpoint and a technical/hands-on standpoint, and recommend appropriate mitigations and/or remediation efforts. This role will enhance security services provided by the OT Cyber Vulnerability Detection and Management team. This is a hands-on role requiring technical skills across a wide range of IT/OT systems, applications, and infrastructure. PRIMARY DUTIES AND ACCOUNTABILITIES: * Perform technical application and infrastructure security vulnerability assessments across a wide range of IT/OT systems, including applications, wireless and wired networks, web services, mobile applications, thick clients, Cloud solutions, etc. * Work with the Business to effectively communicate the risks of identified vulnerabilities and make recommendations regarding the selection of cost-effective security controls to mitigate identified risks * Develop/refine necessary governance documentation (policies, procedures, standards, guidelines) for all security vulnerability assessment processes. * Collaborate with various teams (IT, Development, QA, etc) to help ensure designs and implementations meet specified security standards. * Prepare detailed cyber security vulnerability metrics and reports for all Business Units and leadership (routine and ad hoc). Qualifications POSITION SPECIFICATIONS Minimum: * Bachelor's Degree in Computer Science, Information Technology (IT), or a related discipline, and typically 3-5 or more years of solid, diverse experience in cyber security vulnerability assessments, or equivalent combination of education and work experience. * At least 1-3 years of ethical hacking experience including experience in Information Security, application vulnerability testing, code-level security auditing, and secure code reviews. * Ability to identify systemic security issues based on the analysis of vulnerability and configuration data. * Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). * Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). * Knowledge of network protocols (e.g., Transmission Critical Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]). * Knowledge of penetration testing principles, tools, and techniques. * Knowledge of scripting/programming language structures and logic. * Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). * Knowledge of host/network access control mechanisms (e.g., access control list). * Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). * Knowledge of interpreted and compiled computer languages.. * Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution). * Knowledge of threat environments. * Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). * Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability. * Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks). * Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). * Knowledge of basic system administration, network, and operating system hardening techniques. * Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems. * Comprehensive understanding of change management techniques associated with new technology implementation. * Demonstrated experience producing an economic business case. * Demonstrated leadership ability. * Proven analytical, problem solving, and consulting skills. * Excellent communication skills and the proven ability to work effectively with all levels of IT and business management. Preferred: * Graduate degree in cyber security or related area of expertise. * Relevant security certifications (CISSP, CISM, SABSA, GIAC) * Demonstrated expert technical skills with various penetration testing technologies and tools. * Demonstrated experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks. * Demonstrated experience and subject matter knowledge of SCADA, ICS, Distribution Automation, Smart Grid, DMS, and ECS systems architecture in relation to evaluating risk. * Demonstrated experience and proven capabilities in network vulnerability assessment, application vulnerability assessment, application security architecture development, web application security, and application security testing. * Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DSS, and HIPAA. * Solid understanding and experience with security development lifecycle (SDL) processes for internally developed applications, including the web-based and Internet facing components. * Demonstrated knowledge and experience in application security standards, methodologies, and technologies. * Solid understanding to assess application and web architectures and operating systems for vulnerabilities and develop appropriate security countermeasures. * Solid knowledge and experience with IT security aspects of operating systems, Active Directory, database (SQL) access, LDAP, Microsoft SharePoint, and web server configurations. * Demonstrated experience in assessing and testing security applications and systems, such as Cisco firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec, and web services security. * Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff. * Solid understanding and experience with security development lifecycle (SDL) processes for internally developed applications, including the web-based and Internet facing components. * Demonstrated knowledge and experience in application security standards, methodologies, and technologies. * Solid understanding to assess application and web architectures and operating systems for vulnerabilities and develop appropriate security countermeasures. * Solid knowledge and experience with IT security aspects of operating systems, Active Directory, database (SQL) access, LDAP, Microsoft SharePoint, and web server configurations. * Demonstrated experience in assessing and testing security applications and systems, such as Cisco firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec, and web services security. * Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff. * -- Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. VEVRAA Federal Contractor EEO is the Law Poster Exelon Washington DC

Ios Vulnerability Researcher - Remote: To 200K + Large Bonus

Stanleyreid