CrawlJobs Logo

Cleared Vulnerability Research Engineer

bugcrowd.com Logo

Bugcrowd

Location Icon

Location:
United States

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

154800.00 - 193500.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

This role is focused on end-to-end exploit development for real-world targets. The specialist will design, develop, and validate novel vulnerability discovery and exploitation capabilities against complex software and systems. Work is conducted at the operating system, binary, and micro-architectural levels, with a strong emphasis on creating new technical capabilities. Success in this position requires the ability to independently translate an under-defined mission objective into a concrete, technically novel capability and the comfort of operating with minimal supervision, incomplete problem definitions, and delayed feedback.

Job Responsibility:

  • Design, develop, and validate novel vulnerability discovery and exploitation capabilities
  • Conduct expert reverse engineering of binaries (x86-64, ARM64, etc.) using industry-standard tools
  • Identify and exploit real-world vulnerabilities such as Use-after-free, Type confusion, Integer truncation, and Buffer overflow
  • Demonstrate ability to discover new, novel vulnerabilities in complex systems
  • Rapidly understand current vulnerability research and apply findings to identify new instances of vulnerability classes
  • Employ both manual analysis and automated techniques (e.g., fuzzing) for vulnerability discovery
  • Code and debug complex functions in C, Python, and Assembly (x86-64, ARM, etc.)
  • Independently manage and execute research objectives, including scoping, research, experimentation, validation, and iteration
  • Travel to customer sites as required
  • Perform on-site for extended periods of time

Requirements:

  • Expertise in reverse engineering of binaries (x86-64, ARM64, etc) using tools such as Binary Ninja, Ghidra, or IDA Pro
  • Precise understanding of stack and heap objects and exploit-relevant vulnerabilities (e.g., Use-after-free, Type confusion, Integer truncation, Buffer overflow)
  • Demonstrated ability to discover new vulnerabilities, not just exploit known ones
  • Experience with both manual analysis and automated techniques (e.g., fuzzing)
  • Ability to code and debug C, Python, and Assembly (x86-64, ARM, etc)
  • Ability to independently translate an under defined mission objective into a concrete, technically novel capability
  • Comfort operating with minimal supervision
  • TS/SCI clearance required (inactive SCI acceptable if SCI-clearable)
  • Ability to travel to customer sites as required
What we offer:

Discretionary bonus program or commission plan

Additional Information:

Job Posted:
January 20, 2026

Employment Type:
Fulltime
Work Type:
Remote work
Icon
Bugcrowd - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Cleared Vulnerability Research Engineer

Expert/Senior iOS Vulnerability Researcher

The project focuses on enhancing national and commercial resilience against mobi...
Location
Location
United States , McLean, Virginia
Salary
Salary:
Not provided
eleks.com Logo
ELEKS
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Eligibility for a U.S. security clearance
  • 5+ years of experience in mobile vulnerability research or reverse engineering
  • Strong proficiency in Objective-C, Swift, and ARM64 assembly
  • In-depth understanding of iOS platform security mechanisms, including sandboxing and jailbreak techniques
  • Hands-on experience with browser/JavaScript fuzzing, Apple kernel internals, and memory corruption vulnerabilities
  • Exceptional attention to detail with the ability to clearly document technical findings
  • Ability to work professionally, reliably, and independently
Job Responsibility
Job Responsibility
  • Conduct static and dynamic vulnerability research across iOS applications and firmware
  • Design and execute fuzzing campaigns targeting iOS components
  • Reverse engineer iOS binaries using tools such as IDA Pro, Ghidra, and Hopper
  • Develop proof-of-concept exploits and support the responsible disclosure process
  • Collaborate with offensive security and red teams to assess real-world impact
  • Document research findings and contribute to technical reports and internal security advisories
  • Maintain and enhance internal mobile fuzzing frameworks
  • Assist in threat emulation and defense hardening initiatives
What we offer
What we offer
  • 14 paid days off
  • 8 paid sick leaves
  • Paid federal US holidays
  • Nonpaid leaves
  • Medical insurance (including dental and vision)
  • Close cooperation with a customer
  • Challenging tasks
  • Competence development
  • 401(k) plan
Read More
Arrow Right

Threat Intelligence Research Engineer

We’re looking for a Threat Intelligence Research Engineer who can bridge two wor...
Location
Location
United States , Orlando
Salary
Salary:
Not provided
threatlocker.com Logo
ThreatLocker
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years in cybersecurity research, threat intelligence, security engineering, SOC analysis, or malware analysis
  • Strong knowledge of attacker TTPs, MITRE ATT&CK, malware behavior, incident response, and threat hunting workflows
  • Hands-on familiarity with tools such as SIEMs, sandboxes, EDR platforms, packet analyzers, and OSINT frameworks
  • Ability to read logs, investigate incidents, and interpret technical artifacts
  • Proven experience writing technical reports, threat advisories, security research, or cybersecurity analysis
  • Ability to translate complex material into clear, concise content without losing technical accuracy
  • Strong editorial judgment and an understanding of narrative clarity and structure
  • Deep curiosity and a research-driven mindset
  • Commitment to accuracy, integrity, and evidence-backed analysis
  • Ability to juggle multiple research topics while meeting publishing deadlines
Job Responsibility
Job Responsibility
  • Monitor, analyze, and report on emerging threats, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and global threat trends
  • Investigate vulnerabilities, misconfigurations, malware behavior, ransomware campaigns, and exploit chains
  • Conduct independent research on threat actors, intrusion patterns, and security gaps relevant to our customer base
  • Collaborate with internal engineering, SOC, and threat teams to access proprietary intelligence and validate findings
  • Produce clear, defensible, and high-accuracy analysis based on data and technical evidence
  • Transform threat research into high-quality reports, whitepapers, blogs, briefs, advisories, and thought-leadership content
  • Write in a way that resonates with cybersecurity professionals, executives, and IT leaders
  • Contribute to articles under the names of internal subject matter experts (SMEs) to elevate their voices and strengthen company authority
  • Develop clear visuals, diagrams, and technical explanations to support complex research
  • Ensure all content is technically rigorous, original, and aligned with our Zero Trust security philosophy
Read More
Arrow Right

Senior Staff Security Infrastructure Engineer

Bloomreach is building the world’s premier agentic platform for personalization....
Location
Location
Czechia , Bratislava; Brno; Prague
Salary
Salary:
Not provided
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM
  • author and test detection rules and playbooks
  • integrate data sources
  • and operate with SLA-driven alerting and incident workflows
Job Responsibility
Job Responsibility
  • owns current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • mentoring junior staff
What we offer
What we offer
  • A great deal of freedom and trust
  • flexible working hours
  • virtual-first work with several Bloomreach Hubs
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach available
  • Leader Development Program
  • $1,500 professional education budget annually
  • Employee Assistance Program with counselors
  • Fulltime
Read More
Arrow Right

Senior Staff Security Infrastructure Engineer

Bloomreach is building the world’s premier agentic platform for personalization....
Location
Location
Slovakia , Bratislava; Brno; Prague
Salary
Salary:
5000.00 EUR / Month
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • Hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM
  • author and test detection rules and playbooks
  • integrate data sources
  • and operate with SLA-driven alerting and incident workflows
Job Responsibility
Job Responsibility
  • Owns current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • and mentoring junior staff
What we offer
What we offer
  • Restricted stock units
  • company performance bonus
  • great deal of freedom and trust
  • flexible working hours
  • work virtual-first
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach available
  • Leader Development Program
  • Fulltime
Read More
Arrow Right

Staff Security Engineer

Bloomreach is building the world’s premier agentic platform for personalization....
Location
Location
Czechia , Bratislava; Brno; Prague
Salary
Salary:
Not provided
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • Hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM
  • author and test detection rules and playbooks
  • integrate data sources
  • and operate with SLA-driven alerting and incident workflows
Job Responsibility
Job Responsibility
  • owns current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • mentoring junior staff
What we offer
What we offer
  • A great deal of freedom and trust
  • flexible working hours
  • work virtual-first with several Bloomreach Hubs available across three continents
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach
  • Leader Development Program
  • $1,500 professional education budget
  • Employee Assistance Program
  • Fulltime
Read More
Arrow Right

Product Manager: AI & Security

We’re looking for a Product Manager who can define, prioritize, and deliver the ...
Location
Location
Salary
Salary:
Not provided
xbow.com Logo
Xbow
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Degree in a technology related field or equivalent experience
  • Significant product management experience, preferably in security or developer tools, scaling products from startup to $100M
  • Deep technical curiosity - you love understanding how systems work under the hood
  • Action-oriented mindset with bias toward execution and rapid iteration
  • Strong technical background in application security, vulnerability research, or penetration testing
  • Understanding of AI/ML applications in cybersecurity contexts
  • Ability to work with and influence cross-functional teams (Seasoned researchers, engineers across etc.)
  • Ability to translate complex technical concepts into clear product requirements
  • Flawless execution of product work through GitHub Issues, Projects, and Pull Requests
  • Data-driven approach to product decisions with strong analytical skills
Job Responsibility
Job Responsibility
  • Define and execute product roadmap for vulnerability discovery algorithms and coverage optimization
  • Drive prioritization logic that focuses testing on high-value targets: relevant endpoints, code diffs, new releases, multi-role scenarios
  • Own persistent learning systems that carry forward knowledge across scans and applications
  • Collaborate with AI/ML teams to enhance cross-application insights and reduce redundant testing
  • Partner with security research teams to expand coverage of emerging vulnerability classes
  • Define metrics and KPIs for testing effectiveness, coverage quality, and discovery acceleration
  • Work closely with customers to understand their risk priorities and translate into product requirements
What we offer
What we offer
  • Competitive salary and equity package, making you a true owner of the company
  • Career Growth: Shape your role, lead the function, and grow with the company as we redefine cybersecurity
  • Meaningful Work: You will tackle technically complex challenges and play a pivotal role in the growth of our business, working alongside an amazing team and some of the world’s experts to shape how AI transforms cybersecurity
  • Fulltime
Read More
Arrow Right

Staff Offensive Security Engineer

Join us in building the future of finance. Our mission is to democratize finance...
Location
Location
Canada , Toronto
Salary
Salary:
Not provided
robinhood.com Logo
Robinhood
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of hands-on experience in red teaming, offensive security, or penetration testing
  • Demonstrated experience mentoring or guiding other security engineers
  • Strong understanding of threat modeling methodologies and the MITRE ATT&CK framework
  • Experience testing modern environments, including cloud platforms (AWS, GCP), containerized systems (Docker, Kubernetes), CI pipelines, and identity systems
  • Working knowledge of defensive security tools such as IDS/IPS, EDR, packet capture, and network monitoring, including common evasion techniques
  • Proficiency in Python, Go, or JavaScript for exploit development, tooling, or automation
  • Clear written and verbal communication skills, with the ability to explain technical findings to both engineers and senior leaders
  • Experience collaborating with distributed teams and documenting work through tools such as Slack, Jira, GitHub, and email
Job Responsibility
Job Responsibility
  • Plan and execute red team operations, adversarial simulations, and penetration tests across applications, infrastructure, networks, offices, and internal processes
  • Perform threat modeling for new and existing services, clearly articulating security risks and tradeoffs to engineering and risk stakeholders
  • Conduct vulnerability research, exploit development, and testing using both custom tooling and public proof-of-concept techniques
  • Partner with detection and response teams to simulate realistic attack scenarios and evaluate monitoring and incident response readiness
  • Write and maintain tooling to automate and scale offensive security assessments
  • Serve as a subject matter expert by documenting findings, recommending remediation strategies, and supporting teams through fixes
  • Mentor teammates and contribute to shared knowledge through internal documentation, presentations, and external talks or blog posts
What we offer
What we offer
  • bonus opportunities
  • equity
  • benefits
  • Fulltime
Read More
Arrow Right

Staff Offensive Security Engineer

Join us in building the future of finance. Our mission is to democratize finance...
Location
Location
Canada , Toronto
Salary
Salary:
191250.00 - 225000.00 CAD / Year
robinhood.com Logo
Robinhood
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of hands-on experience in red teaming, offensive security, or penetration testing
  • Demonstrated experience mentoring or guiding other security engineers
  • Strong understanding of threat modeling methodologies and the MITRE ATT&CK framework
  • Experience testing modern environments, including cloud platforms (AWS, GCP), containerized systems (Docker, Kubernetes), CI pipelines, and identity systems
  • Working knowledge of defensive security tools such as IDS/IPS, EDR, packet capture, and network monitoring, including common evasion techniques
  • Proficiency in Python, Go, or JavaScript for exploit development, tooling, or automation
  • Clear written and verbal communication skills, with the ability to explain technical findings to both engineers and senior leaders
  • Experience collaborating with distributed teams and documenting work through tools such as Slack, Jira, GitHub, and email
Job Responsibility
Job Responsibility
  • Plan and execute red team operations, adversarial simulations, and penetration tests across applications, infrastructure, networks, offices, and internal processes
  • Perform threat modeling for new and existing services, clearly articulating security risks and tradeoffs to engineering and risk stakeholders
  • Conduct vulnerability research, exploit development, and testing using both custom tooling and public proof-of-concept techniques
  • Partner with detection and response teams to simulate realistic attack scenarios and evaluate monitoring and incident response readiness
  • Write and maintain tooling to automate and scale offensive security assessments
  • Serve as a subject matter expert by documenting findings, recommending remediation strategies, and supporting teams through fixes
  • Mentor teammates and contribute to shared knowledge through internal documentation, presentations, and external talks or blog posts
What we offer
What we offer
  • bonus opportunities
  • equity
  • benefits
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy