Your Role:
Tenable is looking for an engineer to join our research team. This position will involve researching existing vulnerabilities, looking for new vulnerabilities, and developing scripts to detect vulnerabilities. The development will be in Nessus Attack Scripting Language (NASL), although experience in NASL programming is not required.
Your Opportunity:
- Research newly published vulnerabilities and security advisories in order to determine safe and reliable methods of detection and exploitation
- Develop plugins for the Nessus vulnerability scanner based on research findings
- Research and develop methods of detection for currently unsupported services and products
- Perform original research by looking for vulnerabilities in software popular with our customers, coordinating disclosures, and providing plugins to detect these findings
What you'll need:
- In depth understanding of common security vulnerabilities, detection and exploitation techniques
- Demonstrably strong programming skills in at least one language.
- Knowledge on the operation and management of network services
- Protocol analysis and interaction
- Experience with search engines such as Shodan and Censys.
- Experience with git version control
- Ability to operate independently with little supervision as well as collaborate and work with others
- Ability to self-educate and keep up to date with current exploitation methods
- Outstanding written and verbal communication skills
- Ability to work within a virtualized lab environment
- Experience working with multiple operating systems (proficiency with Linux a must)
- Strong attention to detail and able to frequently shift priorities as needed
And ideally:
- B.S. degree in Computer Science or a related field
- 2-4 years of development experience
- Some reverse engineering experience including basic binary analysis, packet capture analysis, and firmware analysis (using binwalk)
- Experience with C, C++, Assembly (x86/x64 and/or ARM/ARM64) and scripting languages
- Fuzzing experience
- Proven experience researching vulnerabilities or participating in bug bounty programs or other security related activities
- Experience with pentesting, researching, discovering, or publishing vulnerabilities
- Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb)
- One or more security related certifications (e.g. OSCP)
- Experience with CVSS scoring or vulnerability classification
- Experience with systems administration and be comfortable working at the command line
We’re committed to promoting Equal Employment Opportunity (EEO) at Tenable - through all equal employment opportunity laws and regulations at the international, federal, state and local levels.
by via developer jobs - Stack Overflow
No comments:
Post a Comment