Vulnerability Researcher
  • United Kingdom London
  • ClickJobs.io
1 year before
31.12.2023
Protect and Defend
Vulnerability Assessment and Management
Job Description

CoreTech Security’s mission is to deliver high-end security research and bespoke solutions to some of the most interesting cyber security clients in the UK. In practice this means that we have built a world-class team of vulnerability researchers, reverse engineers, and high-assurance software engineers.

CoreTech have a well-established team in Cheltenham and we are looking to build on this success by expanding our London team. As such, we are actively looking to open a London office, which is a long-term strategic location both for our employees and for our clients. The intention is to have a modern office space located within a short distance of a Zone 1 Crossrail station, which will allow fast and regular connections from most other Tube lines, as well as allowing people to commute in more easily from outside London.

As part of our team, we will look to you to:

Learn the art of discovering critical software vulnerabilities in mobile and embedded devices
Become an expert at reverse engineering software without access to the source code
Spot flaws that others haven’t in a variety of software components
Work with hugely talented colleagues from a range of technical backgrounds
Conduct cutting-edge, novel and world-leading research in the art of software exploitation
Design and produce niche solutions with immediate real-world impact

We recognise the challenge in finding experienced, security cleared vulnerability researchers and therefore are open to candidates looking to cross-train into this domain. For example, cyber security developers with experience in C or C++ would have the right foundations for this role.

Essential to apply:

You have an active interest in cyber security and ethical hacking
You have some experience in writing software (e.g. scripts in Python or programs in C/C++/Java, etc.)

Ideal candidates will also:

Thrive on solving difficult and complex problems
Enjoy sharing their knowledge and working with team members
Have experience working on security cleared projects
Have a background in C or C++ with a good grasp of memory management, i.e. you understand what the stack and heap are and how to avoid security-related bugs when programming
Have familiarity with the types of bugs that can cause security issues
Have experience with Linux or Android and its internals

Benefits Package

We understand that work-life balance can be hard, particularly when you love your job, so we've designed our package to ensure you see the benefit in both your home and working lives. Our benefits currently include:

Work

A profit share scheme so that everybody is rewarded for company success. This is an annual award that is based on the company hitting its targeted forecast. We have achieved this every year to date.
Promotions are based on technical excellence and reviewed regularly
25 days holiday per year (with bank holidays on top), option to buy/sell up to 5 days per year
Level up with an extra day of holiday per year, up to an extra 5 days, starting from 2 years' service
We offer financial support to cover HMRC allowable costs of relocating if you’re moving to the area
Training and development opportunities to support your career aspirations
Regular events including internal technical conferences, company socials and pizza-fuelled lunchtime seminars
Free seasonal fruit, tea, coffee, milk, squash and hot chocolate

Health

Private medical, including access to:
  • Private online GP, and a helpline to speak with various healthcare professionals
  • Physiotherapists, osteopaths or chiropractors for muscle, bone, and joint pain
  • Mental health - counselling, and specialist consultations and treatment with psychologists and cognitive behavioural therapists
Annual Health assessment

Financial Security

8% company contribution to pension with no minimum requirement for employee contribution
Death in Service cover of 4x base salary

Lifestyle

Enhanced maternity/paternity/adoption leave - 12 weeks maternity leave at full pay as soon as you join, further enhanced to 20 weeks full pay from 2 years’ service
2 weeks paternity leave at full pay as soon as you join, further enhanced to 4 weeks full pay from 2 years’ service
Enhanced cycle-to-work scheme including the ability to purchase a bike over £1,000 (e-bikes, specialist cycles and trikes allowed)
The Electric Car Scheme – a pre-tax salary sacrifice scheme to enable you to purchase an electric car at a saving of 30-60% on the car lease, maintenance, servicing and roadside assistance

Salary

We are recruiting staff at all levels in this team, and are able to support market-leading salaries for every grade within our sector/location. We reward staff based on technical excellence and not years of experience, so it's important to us to speak with you to see which grade you would fit into - it's not always obvious from a CV! Your interviewer will spend time during your first interview speaking with you about how your skills and experience map against our grades, and discuss a salary band so that you know early what you can expect if you receive an offer from us. The technical interview will provide a deeper assessment of your skills against your mapped grade which ultimately determines whether you receive an offer and the exact salary.

Additional Details 

Our interview process is quick and to the point: if your application looks like a good fit for the role, we'll schedule a brief call to discuss it in more detail and answer any questions you may have. If that goes well, we'll arrange a technical interview to understand your level of experience. We aim to get back to you with an answer within a couple of days of the technical interview.

⚠ Please note, the role does require a security clearance and background checks. We can provide more details to successful applicants.

If you’re looking for a challenging role where you can make a real impact in the world, in a friendly environment and with all the support to advance your career, click apply.



Required Knowledge
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0009   Knowledge of application vulnerabilities.
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0106   Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • K0177   Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • K0206   Knowledge of ethical hacking principles and techniques.

Required Skills
  • S0001   Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • S0081   Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
  • S0137   Skill in conducting application vulnerability assessments.

Required Abilities
  • A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • A0044  Ability to apply programming language structures (e.g., source code review) and logic.