Vulnerability Research (VR) Security Analyst in Birmingham, West Midlands

Our client is looking for a Vulnerability Research (VR) Security Analyst to join their expanding team, the role is permanent and is located in Birmingham, United kingdom.

This role will be part of a small team of Vulnerability Research (VR) Security Analysts, tackling some of the most interesting cyber problems with a meaningful and tangible impact on the national security of the UK. You will be instrumental in standing up an industry-leading security facility.

The focus of the VR Security Analyst will be to conduct in-depth VR activities, explore boundaries of technology and its development, test hypotheses, and conduct deep dives into the vulnerabilities of telecoms equipment. You will also develop bespoke leading-edge security testing tools to support these activities.

About you:

Examples of technical skills, knowledge, and experience, including:

• An interest and aptitude for vulnerability research (either from a professional background or by demonstrating an aptitude).
• A passion for understanding how things work, testing them, pushing them to their limits, and finding security issues in them.
• Understanding of hardware and software development lifecycles and their impact on security practices.
• Applied knowledge of cryptographic algorithms / standards and knowledge of data structures and distributed systems.
• Understanding of network protocols and how software works from assembly through to interpreted languages, and everything in between.
• Familiarity with vulnerabilities such as memory corruption bugs (stack/heap/integer overflows, format strings), and techniques attackers can use to bypass common security protections (e.g., NX, stack canaries, heap protection, ASLR, etc.)
• Knowledge and experience of embedded systems and operating systems, and hardware techniques for prototyping and debugging these.
• Knowledge of Linux OS internals. Ability to self-learn any language, given appropriate resources to study and practice.
• Practical knowledge of common white-hat exploitation toolsets and techniques for common flaws in low-level software, as well as web platforms (e.g., SQL injection, XSS, CSRF, SSRF, upload/download abuse, RCE).
• Reverse engineering experience (e.g., IDA Pro, Ghidra).

This role requires you to have SC clearance or to be eligible to obtain SC clearance.

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.