While this is an individual contributor role, you'll work with Fortinet's FortiGuard Labs team on responsibly disclosed security research, letting the vendor and the public, including our customers, know your research findings.
- Discover new Exploitation Techniques or Attack Vectors.
- Discover new Zero-Day Exploits/Vulnerabilities.
- Discover vulnerabilities or weaknesses in popular frameworks or products.
- Write Proof of Concept exploits for vulnerabilities.
- Work with the development team to fix the discovered vulnerabilities.
- Analyze new attacks and attack surfaces.
- Write security-related blogs, papers, exploit analyses, etc.
- Stay up to date on the latest exploitation techniques.
- At least 3 years of experience in Security or Vulnerability Research.
- Reverse engineering experience, including binary analysis and firmware analysis (using binwalk or other). Prior experience with dynamic analysis debuggers (e.g. OllyDbg, WinDbg), disassemblers or decompilers (e.g. IDA Pro).
- Web application penetration testing and attack analysis experience using tools including Burp Suite, Fiddler, or Metasploit, etc.
- Experience in writing Proof of Concept exploits for vulnerabilities.
- Familiar with the top web application security risks/vulnerabilities and the attack techniques in the MITRE ATT&CK matrix.
- Familiar with database languages.
- Familiar with popular web server software (e.g. Nginx, Apache, IIS) and web application frameworks.
- Knowledge of OS internals and networking protocols such as TCP/IP, DNS, HTTP, SCADA, IoT, etc.
- Self-directed and self-motivated, with the ability to work productively with minimal supervision.
- Good communication skills and a team player.
- Proven analytical and problem-solving skills and out-of-the-box thinking.
- CTF or bug-bounty experience, or multiple proven public records of vulnerability disclosure (e.g. CVEs), is a strong plus.
- Bachelor's or Master's degree in Computer Science or Electrical/Computer Engineering.
Please note, we are currently operating in a hybrid working environment which calls for a blend of on-site and remote work.