Cleared Vulnerability Research Engineer

United States · 154800.00 - 193500.00 USD / Year · Job Posted January 20, 2026

Job Description

This role is focused on end-to-end exploit development for real-world targets. The specialist will design, develop, and validate novel vulnerability discovery and exploitation capabilities against complex software and systems. Work is conducted at the operating system, binary, and micro-architectural levels, with a strong emphasis on creating new technical capabilities. Success in this position requires the ability to independently translate an under-defined mission objective into a concrete, technically novel capability and the comfort of operating with minimal supervision, incomplete problem definitions, and delayed feedback.

Job Responsibility

  • Design, develop, and validate novel vulnerability discovery and exploitation capabilities
  • Conduct expert reverse engineering of binaries (x86-64, ARM64, etc.) using industry-standard tools
  • Identify and exploit real-world vulnerabilities such as Use-after-free, Type confusion, Integer truncation, and Buffer overflow
  • Demonstrate ability to discover new, novel vulnerabilities in complex systems
  • Rapidly understand current vulnerability research and apply findings to identify new instances of vulnerability classes
  • Employ both manual analysis and automated techniques (e.g., fuzzing) for vulnerability discovery
  • Code and debug complex functions in C, Python, and Assembly (x86-64, ARM, etc.)
  • Independently manage and execute research objectives, including scoping, research, experimentation, validation, and iteration
  • Travel to customer sites as required
  • Perform on-site for extended periods of time

Requirements

  • Expertise in reverse engineering of binaries (x86-64, ARM64, etc.) using tools such as Binary Ninja, Ghidra, or IDA Pro
  • Precise understanding of stack and heap objects and exploit-relevant vulnerabilities (e.g., Use-after-free, Type confusion, Integer truncation, Buffer overflow)
  • Demonstrated ability to discover new vulnerabilities, not just exploit known ones
  • Experience with both manual analysis and automated techniques (e.g., fuzzing)
  • Ability to code and debug C, Python, and Assembly (x86-64, ARM, etc.)
  • Ability to independently translate an under-defined mission objective into a concrete, technically novel capability
  • Comfort operating with minimal supervision
  • TS/SCI clearance required (inactive SCI acceptable if SCI-clearable)
  • Ability to travel to customer sites as required

What we offer

Discretionary bonus program or commission plan

Similar Jobs for Cleared Vulnerability Research Engineer

8 matching positions

Cyber Security Research Engineer 3 / Application Penetration Tester

In this contingent resource assignment, you may: Consult on or participate in mo...
Location
United States, Charlotte
Salary
Not provided
Apex Systems
Expiration Date
Until further notice
Requirements
  • 2+ years of hands-on application penetration testing experience (manual testing required)
  • Experience with DAST tools and validating/triaging vulnerabilities
  • Strong knowledge of web application security (OWASP Top 10, APIs, authentication/authorization)
Job Responsibility
  • Conduct manual penetration testing of web applications, APIs, and mobile platforms
  • Perform authentication, authorization, and business logic testing
  • Identify, validate, and exploit vulnerabilities beyond automated scanner results
  • Configure and tune DAST tools to enhance testing coverage
  • Use industry tools (Burp Suite, WebInspect, Fiddler, etc.) to support manual testing
  • Triage false positives and validate scan findings
  • Reproduce and demonstrate security vulnerabilities with clear impact
  • Document findings with detailed steps, evidence, and remediation guidance
  • Deliver high-quality reports for both technical and non-technical audiences
  • Partner with development and security teams to drive vulnerability remediation
What we offer
  • Medical
  • Dental
  • Vision
  • Life insurance
  • Disability insurance
  • ESPP (employee stock purchase program)
  • 401K program with company match after 12 months
  • HSA (Health Savings Account on the HDHP plan)
  • SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions
  • Corporate discount savings program
  • Fulltime

Security Research Engineer

Security represents one of the most critical priorities for customers operating ...
Location
Costa Rica, San José
Salary
Not provided
Microsoft Corporation
Expiration Date
Until further notice
Requirements
  • Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 1+ year(s) experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 2+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience
  • Minimum 3 years of hands‑on experience in areas such as Security Operations (SOC Tier 2+), Cybersecurity Investigations, Incident Response, or Threat Hunting
  • Proven ability to analyze alerts and telemetry from EDR/XDR solutions—preferably Microsoft 365 Defender—and conduct investigations involving identity misuse, authentication anomalies, or suspicious access patterns
  • Solid understanding of operating system internals, security mitigations, and common threats across Windows, Linux, and Mac environments
  • Familiarity with MITRE ATT&CK and Cyber Kill Chain frameworks to structure, guide, and communicate investigative findings
  • Advanced English level
Job Responsibility
  • Analyze and validate security alerts, anomalies, and behavioral patterns within Microsoft 365 Defender and related telemetry to validate detections and understand attacker intent
  • Apply attacker methodology frameworks (MITRE ATT&CK, Cyber Kill Chain) to contextualize threats, assess progression, and determine potential impact
  • Investigate identity-centric threats, credential misuse, lateral movement, cloud-based attacks, and modern techniques commonly used in human-operated ransomware, Business Email Compromise (BEC), and stealthy persistence campaigns
  • Correlate large and complex datasets using Kusto Query Language (KQL) and investigative tooling to uncover relationships, patterns and root cause
  • Differentiate benign, misconfigured, suspicious, and malicious activity with confidence, supported by defensible evidence
  • Deliver customer-facing investigation summaries that clearly articulate what occurred, why it matters, and the recommended next steps
  • Contribute to continuous improvement efforts by identifying gaps, false positives, attacker trends, and opportunities for tooling or process enhancements
  • Stay informed on SOC and threat landscape trends, including AI-driven attack automation, identity-targeted campaigns, cloud compromise techniques, and evolving red team tradecraft
  • Fulltime

Senior Research Engineer – OT Cyber Security

Senior Research Engineer role focusing on OT Cyber Security at The Manufacturing...
Location
United Kingdom, Coventry
Salary
50000.00 - 60000.00 GBP / Year
Manufacturing Technology Centre
Expiration Date
Until further notice
Requirements
  • Experience in working in an OT environment, with good knowledge of manufacturing challenges
  • Awareness of relevant cyber security standards and frameworks, such as NIST CSF, UK Cyber Essentials Scheme, OWASP guidance (incl. on AI), IEC 62443, legislation on cyber resilience including EU Cyber Resilience Act (CRA) and UK PSTI
  • Familiarity with network and infrastructure design and the implementation of secure-by-design principles
  • Bachelor’s degree in Cyber Security, Computer Science, Information Systems, or relevant industrial/commercial experience
  • 5+ years of experience in cyber security roles, preferably in OT/IT environments
  • Strong communication and presentation skills to both internal and external stakeholders
  • Ability to work collaboratively across departments and with external partners
  • Mindset for continuous development of new skills and knowledge
  • Analytical mindset with attention to detail and problem-solving abilities
Job Responsibility
  • Contribute to the design and implementation of infrastructure architecture (IT) and manufacturing (OT) systems based on secure by design principles, for MTC internal as well as customer research projects
  • Oversee cybersecurity testing activities to identify vulnerabilities and exploits
  • Work with colleagues and technology partners to further expand MTC’s capabilities in this domain, to deliver impact for UK manufacturing
  • Support MTC’s Digital Transformation Advisors with customer cyber security queries, and knowledge on implementation and adherence to national cyber security standards such as Cyber Essentials +
  • Work with MTC’s technology partners to maintain and expand testbeds to demonstrate cyber security best practices in the OT domain (network monitoring, asset management, etc.)
  • Keep abreast of the latest developments in standards and technologies in the cyber security domain, in relation to OT, critical infrastructure and AI
  • Create and maintain collateral to keep our customers informed about the latest guidance, legislation and best practice
  • Support MTC Business Development (BD) with proposal writing to win collaborative research & industrial projects in the cyber security domain
  • Provide clear communication and presentations to technical and non-technical stakeholders and manage relationships with customers and suppliers to align their cybersecurity expectations
What we offer
  • Hybrid/Flexible working
  • Vitality Medical
  • Company Pension
  • Tusker Car Scheme
  • Cycle 2 work scheme
  • Fulltime

Threat Intelligence Research Engineer

We’re looking for a Threat Intelligence Research Engineer who can bridge two wor...
Location
United States, Orlando
Salary
Not provided
ThreatLocker
Expiration Date
Until further notice
Requirements
  • 5+ years in cybersecurity research, threat intelligence, security engineering, SOC analysis, or malware analysis
  • Strong knowledge of attacker TTPs, MITRE ATT&CK, malware behavior, incident response, and threat hunting workflows
  • Hands-on familiarity with tools such as SIEMs, sandboxes, EDR platforms, packet analyzers, and OSINT frameworks
  • Ability to read logs, investigate incidents, and interpret technical artifacts
  • Proven experience writing technical reports, threat advisories, security research, or cybersecurity analysis
  • Ability to translate complex material into clear, concise content without losing technical accuracy
  • Strong editorial judgment and an understanding of narrative clarity and structure
  • Deep curiosity and a research-driven mindset
  • Commitment to accuracy, integrity, and evidence-backed analysis
  • Ability to juggle multiple research topics while meeting publishing deadlines
Job Responsibility
  • Monitor, analyze, and report on emerging threats, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and global threat trends
  • Investigate vulnerabilities, misconfigurations, malware behavior, ransomware campaigns, and exploit chains
  • Conduct independent research on threat actors, intrusion patterns, and security gaps relevant to our customer base
  • Collaborate with internal engineering, SOC, and threat teams to access proprietary intelligence and validate findings
  • Produce clear, defensible, and high-accuracy analysis based on data and technical evidence
  • Transform threat research into high-quality reports, whitepapers, blogs, briefs, advisories, and thought-leadership content
  • Write in a way that resonates with cybersecurity professionals, executives, and IT leaders
  • Contribute to articles under the names of internal subject matter experts (SMEs) to elevate their voices and strengthen company authority
  • Develop clear visuals, diagrams, and technical explanations to support complex research
  • Ensure all content is technically rigorous, original, and aligned with our Zero Trust security philosophy

Principal Red Team Operator

Principal Operator, Red Team Role Summary The Operator, Red Team is a hands on ...
Location
United States, Pittsburgh; Manchester; Charlotte; Johnston; Westwood; Boston; Phoenix; Iselin; Plano; Irving
Salary
120000.00 - 210000.00 USD / Year
Citizens Bank
Expiration Date
July 30, 2026
Requirements
  • 4 to 8 years of hands-on cybersecurity experience with a strong focus on Red Team operations, adversary emulation, or advanced offensive security
  • Demonstrated experience executing Red Team or Purple Team engagements in assumed-breach or adversary-based scenarios
  • Proven ability to design and execute attack paths rather than relying solely on automated tools or point-in-time testing
  • Strong technical capability across multiple attack surfaces, including identity and access attacks, endpoint and network exploitation, cloud and SaaS environments, and command-and-control frameworks
  • Understanding of campaign-based red teaming and continuous testing approaches, including iterative and regression-style validation
  • Working knowledge of AI security concepts, including how AI-enabled systems, inputs, and workflows can be manipulated or abused
  • Ability to collaborate with Blue Team and Detection Engineering to translate offensive activity into improved detection and response capabilities
  • Strong operational discipline, including clear documentation, safe execution, and adherence to engagement constraints
  • Effective communication skills, with the ability to explain technical findings to security practitioners and cross-functional partners
  • Demonstrated curiosity, adaptability, and ability to operate in rapidly evolving threat and technology environments
Job Responsibility
  • Execute Red Team and Purple Team engagements as a primary operator, including adversary emulation, assumed-breach scenarios, and intelligence-driven attack paths
  • Design and execute campaign-based attack operations that simulate real-world adversary behavior across enterprise environments
  • Perform hands-on exploitation and abuse across on-prem, cloud, SaaS, and hybrid infrastructures
  • Simulate advanced attacker tradecraft, including living-off-the-land techniques, identity abuse, privilege escalation, lateral movement, persistence, command and control, and controlled data exfiltration
  • Conduct testing against AI-enabled systems and workflows, including abuse and misuse of AI assistants, copilots, and automation platforms
  • Execute prompt manipulation, indirect prompt injection, and AI model misuse scenarios to evaluate emerging attack surfaces
  • Collaborate closely with Detection Engineering and Blue Team during Purple Team engagements to validate detections, identify coverage gaps, and refine response effectiveness
  • Translate offensive findings into actionable remediation insights and partner with stakeholders to ensure vulnerabilities are addressed and control effectiveness is improved
  • Contribute to full-lifecycle execution of engagements, ensuring findings are tracked through resolution and result in measurable risk reduction
  • Leverage and extend red team tooling and frameworks and develop targeted scripts or payloads to emulate specific adversary behaviors
What we offer
  • Competitive pay
  • comprehensive medical, dental, and vision coverage
  • retirement benefits
  • maternity and paternity leave
  • flexible work arrangements
  • education reimbursement
  • wellness programs
  • annual discretionary bonus
  • Fulltime

Principal Red Team Operator

Principal Operator, Red Team Role Summary The Operator, Red Team is a hands on ...
Location
United States, Charlotte, North Carolina; Boston, Massachusetts; Manchester, New Hampshire; Pittsburgh, Pennsylvania; Westwood, Massachusetts; Johnston, Rhode Island
Salary
120000.00 - 210000.00 USD / Year
Citizens Bank
Expiration Date
July 30, 2026
Requirements
  • 4 to 8 years of hands-on cybersecurity experience with a strong focus on Red Team operations, adversary emulation, or advanced offensive security
  • Demonstrated experience executing Red Team or Purple Team engagements in assumed-breach or adversary-based scenarios
  • Proven ability to design and execute attack paths rather than relying solely on automated tools or point-in-time testing
  • Strong technical capability across multiple attack surfaces, including identity and access attacks, endpoint and network exploitation, cloud and SaaS environments, and command-and-control frameworks
  • Understanding of campaign-based red teaming and continuous testing approaches, including iterative and regression-style validation
  • Working knowledge of AI security concepts, including how AI-enabled systems, inputs, and workflows can be manipulated or abused
  • Ability to collaborate with Blue Team and Detection Engineering to translate offensive activity into improved detection and response capabilities
  • Strong operational discipline, including clear documentation, safe execution, and adherence to engagement constraints
  • Effective communication skills, with the ability to explain technical findings to security practitioners and cross-functional partners
  • Demonstrated curiosity, adaptability, and ability to operate in rapidly evolving threat and technology environments
Job Responsibility
  • Execute Red Team and Purple Team engagements as a primary operator, including adversary emulation, assumed-breach scenarios, and intelligence-driven attack paths
  • Design and execute campaign-based attack operations that simulate real-world adversary behavior across enterprise environments
  • Perform hands-on exploitation and abuse across on-prem, cloud, SaaS, and hybrid infrastructures
  • Simulate advanced attacker tradecraft, including living-off-the-land techniques, identity abuse, privilege escalation, lateral movement, persistence, command and control, and controlled data exfiltration
  • Conduct testing against AI-enabled systems and workflows, including abuse and misuse of AI assistants, copilots, and automation platforms
  • Execute prompt manipulation, indirect prompt injection, and AI model misuse scenarios to evaluate emerging attack surfaces
  • Collaborate closely with Detection Engineering and Blue Team during Purple Team engagements to validate detections, identify coverage gaps, and refine response effectiveness
  • Translate offensive findings into actionable remediation insights and partner with stakeholders to ensure vulnerabilities are addressed and control effectiveness is improved
  • Contribute to full-lifecycle execution of engagements, ensuring findings are tracked through resolution and result in measurable risk reduction
  • Leverage and extend red team tooling and frameworks and develop targeted scripts or payloads to emulate specific adversary behaviors
What we offer
  • competitive pay
  • comprehensive medical, dental, and vision coverage
  • retirement benefits
  • maternity and paternity leave
  • flexible work arrangements
  • education reimbursement
  • wellness programs
  • Fulltime

Senior Applied Threat Intelligence Analysts

Security represents the most critical priorities for our customers in a world aw...
Location
United States, Redmond
Salary
102100.00 - 202200.00 USD / Year
Microsoft Corporation
Expiration Date
Until further notice
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
  • Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
  • Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection.
  • Equivalent experience.
  • Ability to meet Microsoft, customer and/or government security screening requirements is required for this role.
  • Microsoft Cloud Background Check: This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter.
Job Responsibility
  • Lead with AI to understand the threat landscape and the latest attacker tradecraft.
  • Track threat actors, including financially motivated threat actors, their infrastructure, their targets, and their shifting techniques, tactics, and procedures.
  • Translate complex technical findings into clear, prescriptive guidance for security operations teams, executives, and the broader defender community.
  • Partner with product, research, marketing, and communications teams to ensure high-quality intelligence experiences through Microsoft's customer-facing surfaces and managed services (Agentic Security, Defender XDR, Defender Experts, Sentinel, blogs, briefings).
  • Build and refine the pipelines, tooling, and workflows that allow Microsoft to stream insightful cyber threat intelligence to customers at machine speed.
  • Represent Microsoft Threat Intelligence in customer briefings, industry conferences, and cross-industry working groups.
  • Fulltime

Software Engineer II

Rapid7 is seeking a Software Engineer II to join our Labs team within the Securi...
Location
United Kingdom, Belfast
Salary
Not provided
Rapid7
Expiration Date
Until further notice
Requirements
  • 2+ years working in a professional software engineering environment
  • Proficiency in one or more industry standard languages such as Python, Go, Java, C#, or Ruby
  • Familiarity with modern engineering tools including Kubernetes, Terraform, Jenkins, and Spinnaker
  • Understanding of internet protocols and the related cybersecurity implications
  • Experience working with AWS services such as S3, EC2, IAM, and RDS (PostgreSQL)
  • Ability to collaborate with cross-functional teams regardless of location to drive impact and positive customer outcomes
  • Commitment to holding self and others responsible for driving outcomes and meeting commitments
  • Passion for developing your craft and continuous learning to elevate personal and professional impact
  • Clear communication of objectives and rationale to foster commitment from teammates
  • Experience with data-driven workflows using tools like Airflow, EMR, Glue, or Spark
Job Responsibility
  • Monitor and improve core research projects including our vulnerability intelligence service, Project Sonar, and Project Lorelei
  • Maintain and enhance RESTful APIs that back internet telemetry research tools
  • Contribute to the evolution of overall telemetry research effort to develop richer data generation capabilities
  • Partner with the Manager of Software Engineering to develop long-term vision and strategy for core projects
  • Execute technical improvements across the stack using Python, Django, and other object-oriented languages
  • Manage cloud-based infrastructures utilizing Kubernetes (EKS), Terraform, and various AWS services
  • Develop and refine presentation layers for internet telemetry to ensure high-quality data visualization
  • Drive agile software development principles including high test coverage and CI/CD workflows
  • Fulltime