Security Researcher (10283)
Responsibilities:
- Make test plan for targets under security evaluation.
- Discover vulnerabilities or weaknesses in websites or products.
- Write Proof of Concept exploits for vulnerabilities.
- Work with development team to fix the discovered vulnerabilities.
- Analyze/Investigate new attacks, attack surfaces.
- Stay up to date on the latest attack/exploitation techniques.
Requirements:
- At least 3 years of experience in Cyber Security or Vulnerability Research.
- Penetration testing web application and attack analysis experience using tools including Burp Suite, Fiddler, Metasploit, etc.
- Experience in writing Proof of Concept exploits for vulnerabilities.
- Familiar with Top Web Application Security Risks/Vulnerabilities and attack techniques in MITRE ATT&CK matrix
- Solid knowledge of web programming languages and Experience in writing code in PHP, Java, JavaScript and/or Python.
- Familiar with Database languages.
- Familiar with popular Web Server software (e.g. Nginx, Apache, IIS) and Web Application Frameworks.
- Knowledge of OS Internals & networking protocols such as TCP/IP, DNS, HTTP, etc.
- Self-directed, Self-motivated with the ability to work with minimal supervision and be Productive.
- Good communication skills and a team player.
- Proven analytical and problem solving skills and out-of-the-box thinking.
- CTF, Bug-Bounty or proven public records of Vulnerability Discovery (e.g. CVEs) is a strong plus.
Education
- Bachelor or Master of Computer Science or Computer Engineering.
Please note, we are currently operating in a hybrid working environment which calls for a blend of on-site and remote work.
If you have any further questions about this role, please contact Bhavya directly at bmohan@fortinet.com.