Vulnerability Researcher Jobs

Who we are

To address the scale needed by the rapid pace of software growth, companies need security tools that are automated and don’t require lengthy manual analysis to sift out false positives. Our focus at ForAllSecure is to build the next-generation of security products that change how companies develop, test and deploy software.

Our tool, Mayhem, a fully autonomous cybersecurity system, was built utilizing over 12 years of research at Carnegie Mellon University and developed by a team of some of the best white-hat hackers in the world. In 2016, DARPA hosted the Cyber Grand Challenge, the world’s first all-machine hacking tournament, in which Mayhem competed and took first place against industry and best challengers from academia. Since then, we have been bringing this product to market. The Mayhem solution makes software validation testing radically simpler with a powerful combination of intelligent fuzzing, symbolic execution, and checking of static security indicators.

To date, Mayhem has found vulnerabilities in multiple open source projects, components in production aircraft, and critical flaws in embedded devices. This is only the beginning, as we plan to have Mayhem bring automation, usability and scalability to testing of all of the world’s commercial and government software projects.

What you'll do

As a Vulnerability Researcher for our Federal customers, you will be working with the same technology that won the DARPA Cyber Grand Challenge. The technology uses fuzzing, symbolic execution, and static analysis to help check software. You will be helping Federal customers analyze, automatically find and understand vulnerabilities to secure their code. Often our customers have never used an automated tool before to check for security vulnerabilities, and your work will help them systematize their cyber security efforts for their platforms.

Specifically, you will:

• Deliver training sessions and knowledge transfer sessions
• Develop fuzzing harnesses for existing source code and reverse engineered binaries.
• Help configure, integrate, analyze and maintain Mayhem in the customer environments
• Create harnesses for Mayhem targets and debug integration issues
• Debug/triage production issues
• Assist customers in triaging defects discovered through Mayhem.

Requirements

Software Development and/or Fuzzing Experience:

• Required hands-on vulnerability research on binaries or source code
• Understanding of modern exploitation techniques and mitigations/counter-measures
• Familiarity with web security best practices and standards
• Hands-on experience with implementing solutions in C, C++, Java, Python
• Experience in designing and developing APIs and RESTFul services
• Understanding of low-level operating system concepts (memory management, process lifecycle, I/O systems, etc.)
• Required hands-on knowledge of professional reverse engineering and program analysis tools
• Experience with DevOps processes e.g. continuous integration, etc.
• Hands-on experience with reading and writing assembly in at least one common architecture (x86, ARM, etc)

Education and Working Experience:

• Bachelor’s or Master’s Degree in Software Engineering, Computer Science or another engineering discipline is required. Alternatively, equivalent experience gained in military service will be considered.
• 5+ years working as a Vulnerability Researcher and/or Software Engineer or Consultant
• Previous Professional Services experience is a plus
• Government or military service is a plus

Consulting and Leadership Experience:

• Dallas/Fort Worth area candidates, preferred
• Ability to work in a remote setting with remote co-workers
• Self-motivation and an ability to execute independently
• Strong verbal and written communication skills
• Experience in serving as a coach, mentor, subject matter expert, and escalation point for customers, internal teams and colleagues
• Up to 30% travel may be required for Dallas/Fort Worth area candidates
• Up to 75% travel (or more) may be required for candidates from other geographies
• Multitasking and time management skills

Security Clearance: TS/SCI eligible. Active clearance required