Tenable
Cloud Security | Operational Technology | Identity Security | and more
Exposure Management • Cloud Security • Operational Technology • Vulnerability Management • Application Security
1001 - 5000
Research Engineer
August 22
Tenable
Cloud Security | Operational Technology | Identity Security | and more
Exposure Management • Cloud Security • Operational Technology • Vulnerability Management • Application Security
1001 - 5000
Description
• The Research Engineer will be involved with researching existing vulnerabilities, looking for new vulnerabilities, and developing checks/plugins to detect these vulnerabilities via our products. • Works on advanced research and development initiatives • Implements detection logic and scripts while minimizing false positives & false negatives • Participates in detection logic discussions and the research of new methods for detection • Helps other researchers on the team, when needed • Develop detection scripts for Tenable’s sensors (Nessus vulnerability scanner and others) based on the research findings • Keep abreast with the advancements and developments in the security industry and perform research to keep our customers secure • Research and develop methods of detection for additional services and products from different vendors • May perform other duties and responsibilities that management may deem necessary from time to time
Requirements
• B.S. degree in Computer Science or a related field, or equivalent work experience • Good programming skills in at least one language • Ability to operate independently with minimal supervision as well as collaborate and work with others as part of the larger research team • Experience working with multiple operating systems (proficiency with Linux a must) • Outstanding written and verbal communication skills • Strong attention to detail and able to shift priorities as needed • Willingness to explore and learn • At least 2 years of R&D experience • Ability to sit and work at a computer for extended periods of time • Some travel may be required • In depth understanding of common security vulnerabilities, CVSS scoring, vulnerability detection, exploitation and classification techniques • Strong knowledge of networking services, common protocols, etc. • Experience with search engines such as Shodan and Censys • Some experience with pen-testing, researching, discovering, and publishing vulnerabilities • Some reverse engineering experience including basic binary analysis, packet capture analysis, and firmware analysis (using binwalk). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb) • Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and / or scripting languages • One or more security related certifications (e.g. OSCP) • Experience with systems administration and be comfortable working at the command line • Understanding of common security vulnerabilities, vulnerability classification, detection and exploitation techniques • Reverse engineering experience including binary analysis, packet capture analysis, and firmware analysis (using binwalk or other). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb) • Experience with crash dump analysis and some exploit development • In-depth protocol analysis and interaction. Knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing • Some prior experience performing open-ended research when given high-level requirements and details of the desired output • Experience with researching, discovering, and publishing vulnerabilities • Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and scripting languages • Some experience writing blogs and whitepapers to showcase research as well as presenting at security conferences
Apply Now