CrawlJobs Logo

Cleared Vulnerability Research Engineer

bugcrowd.com Logo

Bugcrowd

Location Icon

Location:
United States

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

154800.00 - 193500.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

This role is focused on end-to-end exploit development for real-world targets. The specialist will design, develop, and validate novel vulnerability discovery and exploitation capabilities against complex software and systems. Work is conducted at the operating system, binary, and micro-architectural levels, with a strong emphasis on creating new technical capabilities. Success in this position requires the ability to independently translate an under-defined mission objective into a concrete, technically novel capability and the comfort of operating with minimal supervision, incomplete problem definitions, and delayed feedback.

Job Responsibility:

  • Design, develop, and validate novel vulnerability discovery and exploitation capabilities
  • Conduct expert reverse engineering of binaries (x86-64, ARM64, etc.) using industry-standard tools
  • Identify and exploit real-world vulnerabilities such as Use-after-free, Type confusion, Integer truncation, and Buffer overflow
  • Demonstrate ability to discover new, novel vulnerabilities in complex systems
  • Rapidly understand current vulnerability research and apply findings to identify new instances of vulnerability classes
  • Employ both manual analysis and automated techniques (e.g., fuzzing) for vulnerability discovery
  • Code and debug complex functions in C, Python, and Assembly (x86-64, ARM, etc.)
  • Independently manage and execute research objectives, including scoping, research, experimentation, validation, and iteration
  • Travel to customer sites as required
  • Perform on-site for extended periods of time

Requirements:

  • Expertise in reverse engineering of binaries (x86-64, ARM64, etc) using tools such as Binary Ninja, Ghidra, or IDA Pro
  • Precise understanding of stack and heap objects and exploit-relevant vulnerabilities (e.g., Use-after-free, Type confusion, Integer truncation, Buffer overflow)
  • Demonstrated ability to discover new vulnerabilities, not just exploit known ones
  • Experience with both manual analysis and automated techniques (e.g., fuzzing)
  • Ability to code and debug C, Python, and Assembly (x86-64, ARM, etc)
  • Ability to independently translate an under defined mission objective into a concrete, technically novel capability
  • Comfort operating with minimal supervision
  • TS/SCI clearance required (inactive SCI acceptable if SCI-clearable)
  • Ability to travel to customer sites as required
What we offer:

Discretionary bonus program or commission plan

Additional Information:

Job Posted:
January 20, 2026

Employment Type:
Fulltime
Work Type:
Remote work
Icon
Bugcrowd - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Cleared Vulnerability Research Engineer

Expert/Senior iOS Vulnerability Researcher

The project focuses on enhancing national and commercial resilience against mobi...
Location
Location
United States , McLean, Virginia
Salary
Salary:
Not provided
eleks.com Logo
ELEKS
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Eligibility for a U.S. security clearance
  • 5+ years of experience in mobile vulnerability research or reverse engineering
  • Strong proficiency in Objective-C, Swift, and ARM64 assembly
  • In-depth understanding of iOS platform security mechanisms, including sandboxing and jailbreak techniques
  • Hands-on experience with browser/JavaScript fuzzing, Apple kernel internals, and memory corruption vulnerabilities
  • Exceptional attention to detail with the ability to clearly document technical findings
  • Ability to work professionally, reliably, and independently
Job Responsibility
Job Responsibility
  • Conduct static and dynamic vulnerability research across iOS applications and firmware
  • Design and execute fuzzing campaigns targeting iOS components
  • Reverse engineer iOS binaries using tools such as IDA Pro, Ghidra, and Hopper
  • Develop proof-of-concept exploits and support the responsible disclosure process
  • Collaborate with offensive security and red teams to assess real-world impact
  • Document research findings and contribute to technical reports and internal security advisories
  • Maintain and enhance internal mobile fuzzing frameworks
  • Assist in threat emulation and defense hardening initiatives
What we offer
What we offer
  • 14 paid days off
  • 8 paid sick leaves
  • Paid federal US holidays
  • Nonpaid leaves
  • Medical insurance (including dental and vision)
  • Close cooperation with a customer
  • Challenging tasks
  • Competence development
  • 401(k) plan
Read More
Arrow Right

Threat Intelligence Research Engineer

We’re looking for a Threat Intelligence Research Engineer who can bridge two wor...
Location
Location
United States , Orlando
Salary
Salary:
Not provided
threatlocker.com Logo
ThreatLocker
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years in cybersecurity research, threat intelligence, security engineering, SOC analysis, or malware analysis
  • Strong knowledge of attacker TTPs, MITRE ATT&CK, malware behavior, incident response, and threat hunting workflows
  • Hands-on familiarity with tools such as SIEMs, sandboxes, EDR platforms, packet analyzers, and OSINT frameworks
  • Ability to read logs, investigate incidents, and interpret technical artifacts
  • Proven experience writing technical reports, threat advisories, security research, or cybersecurity analysis
  • Ability to translate complex material into clear, concise content without losing technical accuracy
  • Strong editorial judgment and an understanding of narrative clarity and structure
  • Deep curiosity and a research-driven mindset
  • Commitment to accuracy, integrity, and evidence-backed analysis
  • Ability to juggle multiple research topics while meeting publishing deadlines
Job Responsibility
Job Responsibility
  • Monitor, analyze, and report on emerging threats, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and global threat trends
  • Investigate vulnerabilities, misconfigurations, malware behavior, ransomware campaigns, and exploit chains
  • Conduct independent research on threat actors, intrusion patterns, and security gaps relevant to our customer base
  • Collaborate with internal engineering, SOC, and threat teams to access proprietary intelligence and validate findings
  • Produce clear, defensible, and high-accuracy analysis based on data and technical evidence
  • Transform threat research into high-quality reports, whitepapers, blogs, briefs, advisories, and thought-leadership content
  • Write in a way that resonates with cybersecurity professionals, executives, and IT leaders
  • Contribute to articles under the names of internal subject matter experts (SMEs) to elevate their voices and strengthen company authority
  • Develop clear visuals, diagrams, and technical explanations to support complex research
  • Ensure all content is technically rigorous, original, and aligned with our Zero Trust security philosophy
Read More
Arrow Right

Principal Security Researcher - Microsoft Red Team

The Cloud & AI organization accelerates Microsoft’s mission and bold ambitions t...
Location
Location
United States , Multiple Locations
Salary
Salary:
163000.00 - 296400.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 5+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Security, or related field AND 8+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR equivalent experience
  • Ability to meet Microsoft, customer and/or government security screening requirements are required for this role
  • This position will be required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter
Job Responsibility
Job Responsibility
  • Research and discover zero-day vulnerabilities in cloud environments and associated technologies
  • Develop and implement proof-of-concept exploits to demonstrate potential risks and work closely with engineering teams to address findings
  • Analyze a wide array of data sources to identify potential security weaknesses and breach points within Microsoft’s infrastructure
  • Develop tools and techniques to scale and accelerate adversary emulation and vulnerability discovery
  • Partner with operational teams to execute targeted attacks on these systems, simulating real-world threat scenarios
  • Advocate for security change across the company through building partnerships and clearly communicating impact of risks
  • Embody our culture and values
  • Fulltime
Read More
Arrow Right

Senior Staff Security Infrastructure Engineer

Bloomreach is building the world’s premier agentic platform for personalization....
Location
Location
Czechia , Bratislava; Brno; Prague
Salary
Salary:
Not provided
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM
  • author and test detection rules and playbooks
  • integrate data sources
  • and operate with SLA-driven alerting and incident workflows
Job Responsibility
Job Responsibility
  • owns current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • mentoring junior staff
What we offer
What we offer
  • A great deal of freedom and trust
  • flexible working hours
  • virtual-first work with several Bloomreach Hubs
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach available
  • Leader Development Program
  • $1,500 professional education budget annually
  • Employee Assistance Program with counselors
  • Fulltime
Read More
Arrow Right

Senior Staff Security Infrastructure Engineer

Bloomreach is building the world’s premier agentic platform for personalization....
Location
Location
Slovakia , Bratislava; Brno; Prague
Salary
Salary:
5000.00 EUR / Month
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • Hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM
  • author and test detection rules and playbooks
  • integrate data sources
  • and operate with SLA-driven alerting and incident workflows
Job Responsibility
Job Responsibility
  • Owns current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • and mentoring junior staff
What we offer
What we offer
  • Restricted stock units
  • company performance bonus
  • great deal of freedom and trust
  • flexible working hours
  • work virtual-first
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach available
  • Leader Development Program
  • Fulltime
Read More
Arrow Right

Staff Security Engineer

Bloomreach is building the world’s premier agentic platform for personalization....
Location
Location
Czechia , Bratislava; Brno; Prague
Salary
Salary:
Not provided
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • Hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM
  • author and test detection rules and playbooks
  • integrate data sources
  • and operate with SLA-driven alerting and incident workflows
Job Responsibility
Job Responsibility
  • owns current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • mentoring junior staff
What we offer
What we offer
  • A great deal of freedom and trust
  • flexible working hours
  • work virtual-first with several Bloomreach Hubs available across three continents
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach
  • Leader Development Program
  • $1,500 professional education budget
  • Employee Assistance Program
  • Fulltime
Read More
Arrow Right

Senior Security Engineer

Security represents the most critical priorities for our customers in a world aw...
Location
Location
United States , Redmond
Salary
Salary:
119800.00 - 234700.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience
  • Experience in security research, threat analysis, incident response, or detection engineering
  • Understanding of identity and access technologies, such as authentication and authorization protocols (OAuth, OIDC, SAML), tokens, certificates/PKI, and MFA
  • Experience analyzing security telemetry at scale (for example, using Kusto, SQL, or similar analytics platforms)
  • Ability to translate complex technical findings into clear guidance for engineers and security stakeholders
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • Microsoft Cloud Background Check
Job Responsibility
Job Responsibility
  • Translate emerging security threats into clear, actionable engineering requirements, partnering with product and engineering teams to drive AI‑first solutions that close gaps quickly and scale protections across identity systems
  • Investigate and analyze advanced identity based attacks, including token theft, certificate abuse, federation compromise, workload identity misuse, MFA bypass, and hybrid/cloud attack paths
  • Perform deep security investigations using large scale telemetry across cloud identity systems, correlating signals to distinguish malicious activity from expected service behavior
  • Design high fidelity detections based on adversary invariants and abuse patterns
  • Partner with product and platform engineering teams to drive durable security improvements, including logging and telemetry enhancements, protocol hardening, policy changes, and safer default designs
  • Contribute to incident response and post incident reviews, identifying root causes, systemic gaps, and long term mitigations that prevent recurrence
  • Influence security strategy by identifying emerging threat classes, assessing residual risk, and advising engineering and security leadership
  • Build or contribute to automation and tooling that accelerates investigation, detection, and remediation at cloud scale
  • Collaborate across security, engineering, and research teams to improve Microsoft’s overall identity security posture
Read More
Arrow Right

Principal Security Researcher

Security represents the most critical priorities for our customers in a world aw...
Location
Location
United States , Multiple Locations
Salary
Salary:
139900.00 - 274800.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR equivalent experience
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • 8+ years of experience in cybersecurity, with hands-on background in blue team operations, SOC, incident response, or detection engineering
  • 5+ years of experience understanding of attacker techniques, post-exploitation behavior, and investigative workflows in enterprise environments
  • 5+ years of experience working with security telemetry and log data, including practical use of KQL or similar query languages
  • Experience with the Microsoft Defender suite of products
  • Prior purple team, threat hunting, or adversary emulation experience
Job Responsibility
Job Responsibility
  • Design and execute purple team simulations that emulate real-world threat actors, techniques, and campaigns across endpoint, identity, cloud, and email surfaces
  • Partner closely with Microsoft Defender engineering, research, and threat intelligence teams to evaluate detection coverage, investigation quality, and response effectiveness
  • Analyze telemetry using Kusto / KQL to validate detection logic, uncover gaps, and measure signal quality
  • Translate attacker tradecraft into actionable insights for defenders, including detection recommendations, telemetry requirements, and investigation improvements
  • Apply frameworks such as MITRE ATT&CK to map adversary behavior, identify coverage gaps, and communicate findings clearly to technical and non-technical audiences
  • Leverage threat intelligence to inform simulation design, prioritize scenarios, and ensure relevance to active and emerging threats
  • Contribute to high-quality written simulation reports, executive presentations, and technical documentation that influence product and security strategy
  • Act as an experienced technical voice within the Purple Team, helping shape methodology, standards, and long-term research direction
  • Fulltime
Read More
Arrow Right