Threat & Vulnerability Management/ Title: Security Analysis Consultant (Vulnerability Researcher)
Reporting to the Threat & Vulnerability Management within the Dell Cybersecurity organization, the Vulnerability Researcher will apply industry standard methodologies to identify vulnerabilities in Dell products and collaborate with engineering teams to address findings.
The ideal candidate will have exceptional hands-on vulnerability research skills, be a strong team player, and actively participate in a fast-paced and challenging global environment. Candidates must be able to work independently and demonstrate exceptional organizational and time management skills.
• Responsible for discovering and exploiting vulnerabilities affecting Dell software and firmware.
• Developing and maintaining tools to assist in vulnerability research and exploit development.
• Participate in or work directly on, additional projects, assignments or initiatives as required.
• Integrate information security controls into an environment to identify risks and reduce their impact.
• Provides analysis of potential information security risks and recommend solutions.
• Communicates information security procedures to the business.
• Escalate issues to vendors, security team, and engineering through standard escalation processes.
• 10+ years of Information Security experience.
• 5+ years direct or equivalent experience in areas of vulnerability research, exploit development, reverse engineering and fuzzing.
• In-depth knowledge and experience with Windows Operating Systems Internals (Kernel, Registry, File system, Windows APIs).
• Knowledge of Windows development (C/C++/C#) user mode and kernel mode applications.
• Experience in vulnerability research, exploit development, reverse engineering and kernel debugging.
• Competency with any of the following tools: User and kernel-mode debuggers (WinDbg, OllyDbg/Immunity Debugger), IDA Pro, Hex-Rays, Visual Studio, Driver Verifier.
Candidates possessing the following will be given preferential consideration:
• Bachelor of Science in Computer Science, Computer Engineering, or Electrical Engineering or a related technical field or equivalent professional experience.
• Experienced programming using x86/x64 assembly C, C++, and Python (or a comparable scripting language).
• Familiar with the Metasploit framework.
• Source code review for control flow and security flaws.
• Have published security research or security bug.
• Possess excellent communication skills in English, both written and verbal.
• Excellent problem solving skills with the ability to diagnose and troubleshoot technical issues.
• Customer-oriented with a strong interest in customer satisfaction.