Fortinet Senior Security Researcher 

United States, California, Sunnyvale 

879458593

Responsibilities:

The Product Security Incident Response Team is looking for a Senior Security Researcher, to research & discover security vulnerabilities in Fortinet products.

• Discover new Exploitation Techniques or Attack Vectors.
• Discover new Exploits/Vulnerabilities.
• Perform Source Code Review to identify potential security flaws.
• Write Proof of Concept exploits for vulnerabilities discovered using SAST/DAST.
• Work with development team to fix the discovered vulnerabilities.
• Analyze new attacks, attack surfaces.
• Stay up to date on the latest exploitation techniques.

Requirements:

• At least 3 years of experience in Security or Vulnerability Research.
• Reverse engineering experience including binary analysis, and firmware analysis (using binwalk or other) Prior experience with dynamic analysis debuggers (e.g. OllyDBG, WinDBG), disassemblers or decompilers (e.g. IDA Pro.)
• Penetration testing web application and attack analysis experience using tools including Burp Suite, Fiddler, or Metasploit, etc.
• Experience in Source Code Analysis using tools like Coverity, Blackduck, Checkmarx, etc.
• Experience in writing Proof of Concept exploits for vulnerabilities discovered using DAST/SAST.
• Familiar with Top Web Application Security Risks/Vulnerabilities and attack techniques in MITRE ATT&CK matrix.
• Solid knowledge of programming languages Experience writing code in PHP, Java, C/C++ JavaScript and/or Python.
• Familiar with Database languages.
• Familiar with popular Web Server software (e.g. Nginx, Apache, IIS) and Web Application Frameworks.
• Knowledge of OS Internals & networking protocols such as TCP/IP, DNS, HTTP, Scada, IoT, etc.
• Self-directed, Self-motivated with the ability to work with minimal supervision and be productive.
• Good communication skills and a team player
• Proven analytical and problem solving skills and out-of-the-box thinking.
• CTF, Bug-Bounty or proven Multiple public records of Vulnerability Disclosure (e.g. CVEs) is a strong plus.

Education

• Bachelor or Master of Computer Science or Electrical/Computer Engineering.

Wage ranges are based on various factors including the labor market, job type, and job level. Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, experience, and geographic location.