CrawlJobs Logo

Cleared Vulnerability Research Engineer

bugcrowd.com Logo

Bugcrowd

Location Icon

Location:
United States

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

154800.00 - 193500.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

This role is focused on end-to-end exploit development for real-world targets. The specialist will design, develop, and validate novel vulnerability discovery and exploitation capabilities against complex software and systems. Work is conducted at the operating system, binary, and micro-architectural levels, with a strong emphasis on creating new technical capabilities. Success in this position requires the ability to independently translate an under-defined mission objective into a concrete, technically novel capability and the comfort of operating with minimal supervision, incomplete problem definitions, and delayed feedback.

Job Responsibility:

  • Design, develop, and validate novel vulnerability discovery and exploitation capabilities
  • Conduct expert reverse engineering of binaries (x86-64, ARM64, etc.) using industry-standard tools
  • Identify and exploit real-world vulnerabilities such as Use-after-free, Type confusion, Integer truncation, and Buffer overflow
  • Demonstrate ability to discover new, novel vulnerabilities in complex systems
  • Rapidly understand current vulnerability research and apply findings to identify new instances of vulnerability classes
  • Employ both manual analysis and automated techniques (e.g., fuzzing) for vulnerability discovery
  • Code and debug complex functions in C, Python, and Assembly (x86-64, ARM, etc.)
  • Independently manage and execute research objectives, including scoping, research, experimentation, validation, and iteration
  • Travel to customer sites as required
  • Perform on-site for extended periods of time

Requirements:

  • Expertise in reverse engineering of binaries (x86-64, ARM64, etc) using tools such as Binary Ninja, Ghidra, or IDA Pro
  • Precise understanding of stack and heap objects and exploit-relevant vulnerabilities (e.g., Use-after-free, Type confusion, Integer truncation, Buffer overflow)
  • Demonstrated ability to discover new vulnerabilities, not just exploit known ones
  • Experience with both manual analysis and automated techniques (e.g., fuzzing)
  • Ability to code and debug C, Python, and Assembly (x86-64, ARM, etc)
  • Ability to independently translate an under defined mission objective into a concrete, technically novel capability
  • Comfort operating with minimal supervision
  • TS/SCI clearance required (inactive SCI acceptable if SCI-clearable)
  • Ability to travel to customer sites as required
What we offer:

Discretionary bonus program or commission plan

Additional Information:

Job Posted:
January 20, 2026

Employment Type:
Fulltime
Work Type:
Remote work
Icon
Bugcrowd - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Cleared Vulnerability Research Engineer

Expert/Senior iOS Vulnerability Researcher

The project focuses on enhancing national and commercial resilience against mobi...
Location
Location
United States , McLean, Virginia
Salary
Salary:
Not provided
eleks.com Logo
ELEKS
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Eligibility for a U.S. security clearance
  • 5+ years of experience in mobile vulnerability research or reverse engineering
  • Strong proficiency in Objective-C, Swift, and ARM64 assembly
  • In-depth understanding of iOS platform security mechanisms, including sandboxing and jailbreak techniques
  • Hands-on experience with browser/JavaScript fuzzing, Apple kernel internals, and memory corruption vulnerabilities
  • Exceptional attention to detail with the ability to clearly document technical findings
  • Ability to work professionally, reliably, and independently
Job Responsibility
Job Responsibility
  • Conduct static and dynamic vulnerability research across iOS applications and firmware
  • Design and execute fuzzing campaigns targeting iOS components
  • Reverse engineer iOS binaries using tools such as IDA Pro, Ghidra, and Hopper
  • Develop proof-of-concept exploits and support the responsible disclosure process
  • Collaborate with offensive security and red teams to assess real-world impact
  • Document research findings and contribute to technical reports and internal security advisories
  • Maintain and enhance internal mobile fuzzing frameworks
  • Assist in threat emulation and defense hardening initiatives
What we offer
What we offer
  • 14 paid days off
  • 8 paid sick leaves
  • Paid federal US holidays
  • Nonpaid leaves
  • Medical insurance (including dental and vision)
  • Close cooperation with a customer
  • Challenging tasks
  • Competence development
  • 401(k) plan
Read More
Arrow Right

Threat Intelligence Research Engineer

We’re looking for a Threat Intelligence Research Engineer who can bridge two wor...
Location
Location
United States , Orlando
Salary
Salary:
Not provided
threatlocker.com Logo
ThreatLocker
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years in cybersecurity research, threat intelligence, security engineering, SOC analysis, or malware analysis
  • Strong knowledge of attacker TTPs, MITRE ATT&CK, malware behavior, incident response, and threat hunting workflows
  • Hands-on familiarity with tools such as SIEMs, sandboxes, EDR platforms, packet analyzers, and OSINT frameworks
  • Ability to read logs, investigate incidents, and interpret technical artifacts
  • Proven experience writing technical reports, threat advisories, security research, or cybersecurity analysis
  • Ability to translate complex material into clear, concise content without losing technical accuracy
  • Strong editorial judgment and an understanding of narrative clarity and structure
  • Deep curiosity and a research-driven mindset
  • Commitment to accuracy, integrity, and evidence-backed analysis
  • Ability to juggle multiple research topics while meeting publishing deadlines
Job Responsibility
Job Responsibility
  • Monitor, analyze, and report on emerging threats, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and global threat trends
  • Investigate vulnerabilities, misconfigurations, malware behavior, ransomware campaigns, and exploit chains
  • Conduct independent research on threat actors, intrusion patterns, and security gaps relevant to our customer base
  • Collaborate with internal engineering, SOC, and threat teams to access proprietary intelligence and validate findings
  • Produce clear, defensible, and high-accuracy analysis based on data and technical evidence
  • Transform threat research into high-quality reports, whitepapers, blogs, briefs, advisories, and thought-leadership content
  • Write in a way that resonates with cybersecurity professionals, executives, and IT leaders
  • Contribute to articles under the names of internal subject matter experts (SMEs) to elevate their voices and strengthen company authority
  • Develop clear visuals, diagrams, and technical explanations to support complex research
  • Ensure all content is technically rigorous, original, and aligned with our Zero Trust security philosophy
Read More
Arrow Right
New

Staff Security Engineer

Bloomreach is building the world’s premier agentic platform for personalization....
Location
Location
Czechia , Bratislava; Brno; Prague
Salary
Salary:
Not provided
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • Hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM
  • author and test detection rules and playbooks
  • integrate data sources
  • and operate with SLA-driven alerting and incident workflows
Job Responsibility
Job Responsibility
  • owns current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • mentoring junior staff
What we offer
What we offer
  • A great deal of freedom and trust
  • flexible working hours
  • work virtual-first with several Bloomreach Hubs available across three continents
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach
  • Leader Development Program
  • $1,500 professional education budget
  • Employee Assistance Program
  • Fulltime
Read More
Arrow Right

Red Team Engineer

As we continue to scale and grow, we are looking for an experienced Red Team Eng...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
iproov.com Logo
iProov
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in ethical hacking, vulnerability research, exploit development, penetration testing or being a member of a red team, with significant focus on web application security
  • Strong hands-on experience attacking and defending modern web tech stacks
  • Experience with JavaScript/Typescript
  • Proficient with offensive web toolsets (Burp Suite, OWASP ZAP) and experienced building extensions/scripts
  • Experience with developing and maintaining web-focused tooling and automation (Burp extensions, custom scanners, authenticated API fuzzers, GraphQL mutation explorers, Puppeteer/Playwright scripts)
  • Experience with source code reviewing for control flow and security flaws
  • A passion for constructively break things
  • Want to be part of an ambitious, high-growth startup company
  • Written and verbal communication skills in English
Job Responsibility
Job Responsibility
  • Design and execute Red Team Operations against iProov’s biometric platform, web apps, APIs, identity flows
  • Strengthen the company’s security posture through offensive security assessments including the identification and exploitation of vulnerabilities across the web platform
  • Perform penetration testing and realistic security exercises to simulate various attack scenarios, to test and improve our detection and response capabilities, and to identify weaknesses in our infrastructure and products
  • Execute technical security assessments to identify risk, likelihood and impact an attacker may have on the System due to weak or missing controls
  • Conduct research into real-world threat actor tactics, techniques, and procedures (TTP’s) to develop proof-of-concept tools and replicate real world attacks
  • Present findings and operational work to groups in a clear and professional manner
  • Produce clear, actionable reports, risk-ranked remediation plans, and executive summaries aimed at product and engineering stakeholders
  • Collaborate with defenders, product teams, and leadership to translate findings into prioritized, actionable remediation and risk reduction
  • Bring insight into all aspects of modern security issues to our products and rapidly developing prototypes for mitigations
  • Mentor engineers in secure-by-design patterns, client-side security, and secure API design
What we offer
What we offer
  • 25 days Annual Leave, plus 8 Bank Holidays (more holiday with service - up to an extra 5 days off per year based on your continuous service)
  • Growth Shares allocated after passing probation (6 months of service)
  • Salary sacrifice schemes including: Pension, Cycle To Work and Electric Car Scheme
  • Nursery Sacrifice Scheme
  • Work Overseas Perk - Work globally for up to 2 weeks
  • Life Assurance
  • SmartHealth - Access to private GP, Psychologist, Nutritionist along with tailored fitness plans for both you and your family
  • Award winning L&D platform with personal allocated training budgets
  • Benefit from personalized 1:1 career coaching with our in-house Occupational Psychologist
  • Enhanced paid family leave
  • Fulltime
Read More
Arrow Right

Senior Product Security Engineer

Join our Product Security team, where you'll partner with development and game t...
Location
Location
United States , Las Vegas
Salary
Salary:
Not provided
take2games.com Logo
Take-Two Interactive Software, Inc.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Technology, or a similar field, or equivalent experience
  • At least 5 years of demonstrated experience in application security, ideally within the gaming or technology sectors
  • Validated expertise in pentesting, security architecture, risk management, and securing CI/CD pipelines
  • Extensive knowledge of common and complex security vulnerabilities, along with effective mitigation techniques
  • Ability to translate design documents into security-focused guidelines and requirements for product development
  • Adapt quickly to new technologies, languages, and solve challenges outside your expertise
Job Responsibility
Job Responsibility
  • Develop threat models for a variety of applications and games to prioritize scope and use cases for security testing
  • Execute hands-on penetration tests and red team exercises to identify vulnerabilities in applications, infrastructure, and services
  • Conduct manual and automated secure code reviews in languages such as C#, Java, Python, and JavaScript, providing clear, actionable guidance to developers on vulnerability remediation
  • Triage, validate, and manage vulnerability reports from our bug bounty program, working with external researchers and internal teams on resolution
  • Develop and implement security automation tools to improve the efficiency and effectiveness of security processes
  • Provide security architecture and design guidance to development teams, ensuring secure coding practices are followed
  • Partner with teams to define and execute security strategy, driving security priorities across the organization
  • Stay ahead of emerging security threats, seeking and advocating for new technologies to address complex risks
What we offer
What we offer
  • Medical (HSA & FSA)
  • dental
  • vision
  • 401(k) with company match
  • employee stock purchase plan
  • commuter benefits
  • in-house wellness program
  • broad learning & development opportunities
  • a charitable giving platform with company match
  • Fitness allowance
  • Fulltime
Read More
Arrow Right

Senior Product Security Engineer

Ready to make an impact on the security of products from the ground up? Join our...
Location
Location
United States , Austin
Salary
Salary:
Not provided
take2games.com Logo
Take-Two Interactive Software, Inc.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Computer Science, Information Technology, or a similar field, or equivalent experience
  • At least 5 years of demonstrated experience in application security, ideally within the gaming or technology sectors
  • Validated expertise in pentesting, security architecture, risk management, and securing CI/CD pipelines to ensure seamless and secure software delivery
  • Extensive knowledge of common and complex security vulnerabilities, along with effective mitigation techniques
  • Ability to translate design documents into security-focused guidelines and requirements for product development
  • Adapt quickly to new technologies, languages, and solve challenges outside your expertise
  • Travel: No routine travel required
  • occasional travel as needed.
Job Responsibility
Job Responsibility
  • Develop threat models for a variety of applications and games to prioritize scope and use cases for security testing
  • Execute hands-on penetration tests and red team exercises to identify vulnerabilities in applications, infrastructure, and services
  • Conduct manual and automated secure code reviews in languages such as C#, Java, Python, and JavaScript, providing clear, actionable guidance to developers on vulnerability remediation
  • Triage, validate, and manage vulnerability reports from our bug bounty program, working with external researchers and internal teams on resolution
  • Develop and implement security automation tools to improve the efficiency and effectiveness of security processes
  • Provide security architecture and design guidance to development teams, ensuring secure coding practices are followed
  • Partner with teams to define and execute security strategy, driving security priorities across the organization
  • Stay ahead of emerging security threats, seeking and advocating for new technologies to address complex risks.
What we offer
What we offer
  • Medical (HSA & FSA), dental, vision, 401(k) with company match, employee stock purchase plan, commuter benefits, in-house wellness program, broad learning & development opportunities, a charitable giving platform with company match
  • Fitness allowance, employee discount programs, discounted games & events and stocked pantries.
  • Fulltime
Read More
Arrow Right

Product Security Graduate Intern

Sigma’s early career program is the launchpad for the next generation of enginee...
Location
Location
United States , San Francisco
Salary
Salary:
50.00 USD / Hour
sigmacomputing.com Logo
Sigma Computing
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Currently enrolled in a university graduate degree program in the U.S with a graduation date of December 2026 or later
  • Able to intern from May / June 2026 through August / September 2026 (12 weeks)
  • Legally authorized to work in the US during the Summer 2026 program
  • Located within the San Francisco Bay Area or willing to relocate during the internship
  • Able to work 40 hours per week (full-time) in a hybrid work model with a minimum of 4 days in office
  • Currently pursuing a Master’s degree in Computer Science, Engineering, or a related field, with a demonstrated interest / experience in security
  • Hands on development experience in one or more of the following: Python, Go, Rust, TypeScript, JavaScript, or Java
  • Solid understanding of common product security vulnerabilities and typical mitigation strategies
  • Self-starter who can take security problems, break them down, and drive them forward with minimal oversight
  • Curiosity about modern attack techniques and a willingness to experiment, learn, and think adversarially
Job Responsibility
Job Responsibility
  • Participate in threat modeling and security design reviews for new and existing features, including AI-enabled product capabilities
  • Assist with application security code reviews, with an emphasis on identifying systemic patterns and classes of vulnerabilities
  • Perform offensive security assessments, including penetration and red team style testing, and adversarial simulation, to proactively identify vulnerabilities and strengthen defenses
  • Research, test, and validate potential security issues across Sigma cloud environment, network application services and data flows
  • Triage and verify reported vulnerabilities using a data-driven approach, perform root cause analysis, and partner with engineers to drive remediation
  • Design, build, or extend security pipelines that leverage AI or ML to improve signal quality, prioritization, or developer experience
  • Track security metrics and produce clear documentation for areas of ownership
  • Scope, design, and deliver projects in collaboration with Product Security and Engineering mentors, with the option to focus on an AI-driven security initiative or a core product security problem
What we offer
What we offer
  • Equity
  • Generous health benefits
  • Flexible time off policy
  • Paid bonding time for all new parents
  • Traditional and Roth 401k
  • Commuter and FSA benefits
  • Lunch Program
  • Dog friendly office
  • Commuter bonus
  • Relocation bonus (where applicable)
  • Fulltime
Read More
Arrow Right

Network Engineer

This is a Cactus Wellhead position and is located in Houston, TX. Job Summary: C...
Location
Location
United States , Houston
Salary
Salary:
Not provided
cactuswhd.com Logo
Cactus Wellhead LLC
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Cisco CCNP or vendor equivalent network professional certifications
  • Azure/AWS/GCP public cloud network specialization certifications
  • Network Security certifications – PCNSE, NSE 4+, Security+, CEH
  • Bachelor’s degree (IT) from a four-year college or university, or equivalent combination of education and experience
  • 5+ years enterprise LAN/WAN/WLAN experience, supporting global 24x7 environments
  • 2+ hands-on experience with cloud platforms – Azure, AWS, or GCP
  • Advanced knowledge of switching and routing protocols and concepts
  • Demonstrated expertise in cloud networking and SD-WAN technologies
  • Deep understanding of network security technologies, methodologies, and controls
  • Understanding of telephony technologies including hosted platforms and call centers
Job Responsibility
Job Responsibility
  • Practice safe work habits and comply with all quality, safety, health and environmental policies, programs and regulations
  • Configure and install network equipment including routers, switches, firewalls, wireless access points, NAC, VPN and load balancers in a multi-vendor environment
  • Provide expert-level support and troubleshooting for network-related issues escalated from Tier 1 team
  • Administer and support telephony in multiple use cases including remote users, branches, and call centers
  • Coordinate and resolve support cases with vendors, ensuring prompt issue escalation and resolution
  • Proactively manage and monitor the network infrastructure for performance, reliability, capacity, and degradation issues
  • Leverage centralized management tools to support operational efficiency
  • In coordination with the cybersecurity team, investigate and respond to network security alerts
  • Perform regular maintenance and deploy system upgrades such as firmware and software releases
  • Design, lead and implement network projects to enhance fault tolerance, high availability, scalability, and cybersecurity within the enterprise
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Poland Jobs Ireland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy