What are the responsibilities and job description for the Vulnerability Researcher position at ForAllSecure?
The opportunity:
As a Vulnerability Researcher at ForAllSecure, you will be working with the same technology that won the DARPA Cyber Grand Challenge. The technology uses fuzzing, symbolic execution, and static analysis to help check software.
You will be helping our Federal customers analyze, automatically find and understand vulnerabilities to secure their code. Often our customers have never used an automated tool before to check for security vulnerabilities, and your work will help them systematize their cyber security efforts for their platforms.
What you will do:
- Help configure, integrate, analyze and maintain Mayhem in the customer environments
- Create harnesses for Mayhem targets and debug integration issues
- Develop fuzzing harnesses for existing source code and reverse engineered binaries.
- Assist customers in triaging defects discovered through Mayhem.
- Debug/triage production issues
- Deliver training sessions and knowledge transfer sessions
You are someone who:
Has Software Development and/or Fuzzing Experience:
- Required hands-on knowledge of professional reverse engineering and program analysis tools
- Required hands-on vulnerability research on binaries or source code
- Hands-on experience with implementing solutions in C, C++, Java, Python
- Hands-on experience with reading and writing assembly in at least one common architecture (x86, ARM, etc)
- Understanding of low-level operating system concepts (memory management, process lifecycle, I/O systems, etc.)
- Understanding of modern exploitation techniques and mitigations/counter-measures
- Experience in designing and developing APIs and RESTful services
- Familiarity with web security best practices and standards
- Experience with DevOps processes e.g. continuous integration, etc.
Has Education and Working Experience:
- Bachelor’s or Master’s Degree in Software Engineering, Computer Science or another engineering discipline is required. Alternatively, equivalent experience gained in military service will be considered.
- 5 years working as a Vulnerability Researcher and/or Software Engineer or Consultant
- Previous Professional Services experience is a plus
- Government or military service is a plus
Has Consulting and Leadership Experience:
- Experience in serving as a coach, mentor, subject matter expert, and escalation point for customers, internal teams and colleagues
- Self-motivation and an ability to execute independently
- Multitasking and time management skills
- Strong verbal and written communication skills
- Ability to work in a remote setting with remote co-workers
- Washington DC area candidates, preferred
- Up to 30% travel may be required for Washington DC area candidates
- Up to 75% travel (or more) may be required for candidates from other geographies
Has Security Clearance: TS/SCI eligible. Active clearance required
Who we are:
Our hunger for success drives our actions. We have respect for all, respect that people will have different opinions, and strive to mitigate unconscious bias. We commit to being responsible, transparent, and accountable in our actions to our customers and each other. We have a growth mindset, believe challenges can be opportunities, and ask what we can do 10% better each time.
We believe in a world where autonomous application security allows us to move faster and beat attackers. We do not believe the status quo is working, as companies are developing software much faster than they can manually secure it. We developed an autonomous appsec AI engine called Mayhem, which automatically tests and finds new zero-day exploitable vulnerabilities before attackers. Mayhem was battle tested in and won the DARPA (Defense Advanced Research Projects Agency) Cyber Grand Challenge, and exhibited at the US Smithsonian Museum. ForAllSecure is bringing Mayhem to the world as an enterprise sales technology.
ForAllSecure’s customers include Roblox, Cloudflare, Motional, and US CyberCommand, where applications range from securing online platforms used by millions to critical mission safety systems. Fortune 1000 companies in aerospace, automotive, and high-tech partner with ForAllSecure for scalable, advanced security testing that keeps pace with increasing development speeds and deployment frequencies. Other awards include the 2021 SINET 16, 2021 Global Infosec Award, and the MIT Technology Review as one of the 50 Smartest Companies. We are backed by NEA and KDI, having just raised our Series B funding.