Principal Vulnerability Engineer (Remote US)

Job Description

Are you passionate about vulnerability and exploit analysis?

Do you have strong programming skills?Are you experienced in malware analysis or reverse engineering?Do you want to collaborate with an exceptional industry-leading team?

Then the FLARE Offensive Task Force (OTF) is looking for you!

As a vulnerability engineer working within FLARE’s OTF you will dissect attacker tools and backdoors in support of incident responders, acting as the subject matter expert on analyzing exploits discovered within malware. You will develop innovative tools to aid in the automation of vulnerability discovery, malware analysis, and reverse engineering efforts. Additionally, you will participate in our growing public presence: vulnerability disclosures, FireEye blogs, conference presentations, and the FLARE-ON Challenge.

Note that this position can be supported from any of the following office locations: Reston, VA; New York, NY; Denver, CO; or remotely for well-qualified candidates.

• Research and analyze offensive cyber capabilities
• Perform white box analysis on internal and external code
• Analyze executables and malicious files(exploits and malware)
• Collaborate with an experienced team of industry-leading analysts and researchers
• Develop novel solutions to challenges facing incident responders and malware analysts
• Support the company’s research and development efforts

Qualifications

• Understanding of software exploits
• Ability to analyze disassembly of x86 and x64 binaries
• Experience writing and analyzing shellcode
• Strong programming skills
• Experience developing applications in C, C, and Python
• Experienced with the following, their underlying causes, and existing mitigations:
  • Stack Overflows
  • Heap Overflows
  • Integer Overflows
  • Use After Free
  • Type Confusion
• Knowledgeable in the use of:
  • IDA Pro disassembler
  • Virtual Machines
  • User- and kernel-mode debuggers
  • Common binary file formats
  • Dynamic analysis tools
  • Network analysis tools
• Ability to reverse engineer binaries of various types including:
  • C/C
  • Delphi
  • .NET
  • Flash
  • Compiled VBScript
• Ability to analyze packed and obfuscated code
• Capable of Python scripting to automate analysis tasks
• Experience developing scripts to decode obfuscated data and network communications
• Thorough understanding of network protocols
• Capable of identifying host and network-based indicators
• Experience mitigating anti-reverse engineering techniques

• BS or MS in Computer Science or Computer Engineering preferred
• Proficiency in Web Security Vulnerabilities and Exploitation preferred
• Prior experience in a manager, lead, or supervisory capacity preferred

Additional Information

At FireEye we are committed to our #OneTeam approach combining diversity, collaboration, and excellence. All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability. Requests for accommodation due to disability can be sent directly to [emailprotected]

Minimum Salary: $110,000. Final salary will be determined commensurately with cost of living, experience level, and/or any other legally permissible considerations.

Incentive Compensation: Eligibility for annual bonus subject to individual and company performance; eligibility for award of Restricted Stock Units subject to eligibility requirements, approval from FireEye’s Compensation Committee, and vesting terms

Benefits: Employer subsidized benefits include Medical, Dental, Vision, Life, and Disability Insurance. Subject to eligibility requirements, FireEye also offers the ability to participate in 401(k), Flexible Spending Accounts, Health Savings Accounts, Dependent Care Spending Accounts, and Employee Stock Purchase Program. FireEye also provides Paid Time Off, Flexible Paid Sick Time, and Paid Holidays.

Disclosure as required by sb19-085 (8-5-20)