CrawlJobs Logo

Cleared Vulnerability Research Engineer

bugcrowd.com Logo

Bugcrowd

Location Icon

Location:
United States

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

154800.00 - 193500.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

This role is focused on end-to-end exploit development for real-world targets. The specialist will design, develop, and validate novel vulnerability discovery and exploitation capabilities against complex software and systems. Work is conducted at the operating system, binary, and micro-architectural levels, with a strong emphasis on creating new technical capabilities. Success in this position requires the ability to independently translate an under-defined mission objective into a concrete, technically novel capability and the comfort of operating with minimal supervision, incomplete problem definitions, and delayed feedback.

Job Responsibility:

  • Design, develop, and validate novel vulnerability discovery and exploitation capabilities
  • Conduct expert reverse engineering of binaries (x86-64, ARM64, etc.) using industry-standard tools
  • Identify and exploit real-world vulnerabilities such as Use-after-free, Type confusion, Integer truncation, and Buffer overflow
  • Demonstrate ability to discover new, novel vulnerabilities in complex systems
  • Rapidly understand current vulnerability research and apply findings to identify new instances of vulnerability classes
  • Employ both manual analysis and automated techniques (e.g., fuzzing) for vulnerability discovery
  • Code and debug complex functions in C, Python, and Assembly (x86-64, ARM, etc.)
  • Independently manage and execute research objectives, including scoping, research, experimentation, validation, and iteration
  • Travel to customer sites as required
  • Perform on-site for extended periods of time

Requirements:

  • Expertise in reverse engineering of binaries (x86-64, ARM64, etc) using tools such as Binary Ninja, Ghidra, or IDA Pro
  • Precise understanding of stack and heap objects and exploit-relevant vulnerabilities (e.g., Use-after-free, Type confusion, Integer truncation, Buffer overflow)
  • Demonstrated ability to discover new vulnerabilities, not just exploit known ones
  • Experience with both manual analysis and automated techniques (e.g., fuzzing)
  • Ability to code and debug C, Python, and Assembly (x86-64, ARM, etc)
  • Ability to independently translate an under defined mission objective into a concrete, technically novel capability
  • Comfort operating with minimal supervision
  • TS/SCI clearance required (inactive SCI acceptable if SCI-clearable)
  • Ability to travel to customer sites as required
What we offer:

Discretionary bonus program or commission plan

Additional Information:

Job Posted:
January 20, 2026

Employment Type:
Fulltime
Work Type:
Remote work
Icon
Bugcrowd - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Cleared Vulnerability Research Engineer

Expert/Senior iOS Vulnerability Researcher

The project focuses on enhancing national and commercial resilience against mobi...
Location
Location
United States , McLean, Virginia
Salary
Salary:
Not provided
eleks.com Logo
ELEKS
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Eligibility for a U.S. security clearance
  • 5+ years of experience in mobile vulnerability research or reverse engineering
  • Strong proficiency in Objective-C, Swift, and ARM64 assembly
  • In-depth understanding of iOS platform security mechanisms, including sandboxing and jailbreak techniques
  • Hands-on experience with browser/JavaScript fuzzing, Apple kernel internals, and memory corruption vulnerabilities
  • Exceptional attention to detail with the ability to clearly document technical findings
  • Ability to work professionally, reliably, and independently
Job Responsibility
Job Responsibility
  • Conduct static and dynamic vulnerability research across iOS applications and firmware
  • Design and execute fuzzing campaigns targeting iOS components
  • Reverse engineer iOS binaries using tools such as IDA Pro, Ghidra, and Hopper
  • Develop proof-of-concept exploits and support the responsible disclosure process
  • Collaborate with offensive security and red teams to assess real-world impact
  • Document research findings and contribute to technical reports and internal security advisories
  • Maintain and enhance internal mobile fuzzing frameworks
  • Assist in threat emulation and defense hardening initiatives
What we offer
What we offer
  • 14 paid days off
  • 8 paid sick leaves
  • Paid federal US holidays
  • Nonpaid leaves
  • Medical insurance (including dental and vision)
  • Close cooperation with a customer
  • Challenging tasks
  • Competence development
  • 401(k) plan
Read More
Arrow Right

Threat Intelligence Research Engineer

We’re looking for a Threat Intelligence Research Engineer who can bridge two wor...
Location
Location
United States , Orlando
Salary
Salary:
Not provided
threatlocker.com Logo
ThreatLocker
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years in cybersecurity research, threat intelligence, security engineering, SOC analysis, or malware analysis
  • Strong knowledge of attacker TTPs, MITRE ATT&CK, malware behavior, incident response, and threat hunting workflows
  • Hands-on familiarity with tools such as SIEMs, sandboxes, EDR platforms, packet analyzers, and OSINT frameworks
  • Ability to read logs, investigate incidents, and interpret technical artifacts
  • Proven experience writing technical reports, threat advisories, security research, or cybersecurity analysis
  • Ability to translate complex material into clear, concise content without losing technical accuracy
  • Strong editorial judgment and an understanding of narrative clarity and structure
  • Deep curiosity and a research-driven mindset
  • Commitment to accuracy, integrity, and evidence-backed analysis
  • Ability to juggle multiple research topics while meeting publishing deadlines
Job Responsibility
Job Responsibility
  • Monitor, analyze, and report on emerging threats, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and global threat trends
  • Investigate vulnerabilities, misconfigurations, malware behavior, ransomware campaigns, and exploit chains
  • Conduct independent research on threat actors, intrusion patterns, and security gaps relevant to our customer base
  • Collaborate with internal engineering, SOC, and threat teams to access proprietary intelligence and validate findings
  • Produce clear, defensible, and high-accuracy analysis based on data and technical evidence
  • Transform threat research into high-quality reports, whitepapers, blogs, briefs, advisories, and thought-leadership content
  • Write in a way that resonates with cybersecurity professionals, executives, and IT leaders
  • Contribute to articles under the names of internal subject matter experts (SMEs) to elevate their voices and strengthen company authority
  • Develop clear visuals, diagrams, and technical explanations to support complex research
  • Ensure all content is technically rigorous, original, and aligned with our Zero Trust security philosophy
Read More
Arrow Right

Senior Staff Security Infrastructure Engineer

Bloomreach is building the world’s premier agentic platform for personalization....
Location
Location
Czechia , Bratislava; Brno; Prague
Salary
Salary:
Not provided
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM
  • author and test detection rules and playbooks
  • integrate data sources
  • and operate with SLA-driven alerting and incident workflows
Job Responsibility
Job Responsibility
  • owns current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • mentoring junior staff
What we offer
What we offer
  • A great deal of freedom and trust
  • flexible working hours
  • virtual-first work with several Bloomreach Hubs
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach available
  • Leader Development Program
  • $1,500 professional education budget annually
  • Employee Assistance Program with counselors
  • Fulltime
Read More
Arrow Right

Senior Staff Security Infrastructure Engineer

Bloomreach is building the world’s premier agentic platform for personalization....
Location
Location
Slovakia , Bratislava; Brno; Prague
Salary
Salary:
5000.00 EUR / Month
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • Hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM
  • author and test detection rules and playbooks
  • integrate data sources
  • and operate with SLA-driven alerting and incident workflows
Job Responsibility
Job Responsibility
  • Owns current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • and mentoring junior staff
What we offer
What we offer
  • Restricted stock units
  • company performance bonus
  • great deal of freedom and trust
  • flexible working hours
  • work virtual-first
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach available
  • Leader Development Program
  • Fulltime
Read More
Arrow Right

Staff Security Engineer

Bloomreach is building the world’s premier agentic platform for personalization....
Location
Location
Czechia , Bratislava; Brno; Prague
Salary
Salary:
Not provided
bloomreach.com Logo
Bloomreach
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 6+ years of relevant experience
  • proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management
  • practical IaC and scripting for automation
  • strong cross-functional and external communication
  • experience mentoring junior staff
  • Hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC
  • SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM
  • author and test detection rules and playbooks
  • integrate data sources
  • and operate with SLA-driven alerting and incident workflows
Job Responsibility
Job Responsibility
  • owns current and target-state data architectures and reporting
  • designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls
  • deploying, securing, configuring, and operating SIEM and other security resources
  • identifying, triaging, and remediating infrastructure and web vulnerabilities
  • leading incident triage and external-researcher engagement
  • mentoring junior staff
What we offer
What we offer
  • A great deal of freedom and trust
  • flexible working hours
  • work virtual-first with several Bloomreach Hubs available across three continents
  • company events
  • 5 paid days off to volunteer
  • People Development Program
  • communication coach
  • Leader Development Program
  • $1,500 professional education budget
  • Employee Assistance Program
  • Fulltime
Read More
Arrow Right

Red Team Engineer

As we continue to scale and grow, we are looking for an experienced Red Team Eng...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
iproov.com Logo
iProov
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in ethical hacking, vulnerability research, exploit development, penetration testing or being a member of a red team, with significant focus on web application security
  • Strong hands-on experience attacking and defending modern web tech stacks
  • Experience with JavaScript/Typescript
  • Proficient with offensive web toolsets (Burp Suite, OWASP ZAP) and experienced building extensions/scripts
  • Experience with developing and maintaining web-focused tooling and automation (Burp extensions, custom scanners, authenticated API fuzzers, GraphQL mutation explorers, Puppeteer/Playwright scripts)
  • Experience with source code reviewing for control flow and security flaws
  • A passion for constructively break things
  • Want to be part of an ambitious, high-growth startup company
  • Written and verbal communication skills in English
Job Responsibility
Job Responsibility
  • Design and execute Red Team Operations against iProov’s biometric platform, web apps, APIs, identity flows
  • Strengthen the company’s security posture through offensive security assessments including the identification and exploitation of vulnerabilities across the web platform
  • Perform penetration testing and realistic security exercises to simulate various attack scenarios, to test and improve our detection and response capabilities, and to identify weaknesses in our infrastructure and products
  • Execute technical security assessments to identify risk, likelihood and impact an attacker may have on the System due to weak or missing controls
  • Conduct research into real-world threat actor tactics, techniques, and procedures (TTP’s) to develop proof-of-concept tools and replicate real world attacks
  • Present findings and operational work to groups in a clear and professional manner
  • Produce clear, actionable reports, risk-ranked remediation plans, and executive summaries aimed at product and engineering stakeholders
  • Collaborate with defenders, product teams, and leadership to translate findings into prioritized, actionable remediation and risk reduction
  • Bring insight into all aspects of modern security issues to our products and rapidly developing prototypes for mitigations
  • Mentor engineers in secure-by-design patterns, client-side security, and secure API design
What we offer
What we offer
  • 25 days Annual Leave, plus 8 Bank Holidays (more holiday with service - up to an extra 5 days off per year based on your continuous service)
  • Growth Shares allocated after passing probation (6 months of service)
  • Salary sacrifice schemes including: Pension, Cycle To Work and Electric Car Scheme
  • Nursery Sacrifice Scheme
  • Work Overseas Perk - Work globally for up to 2 weeks
  • Life Assurance
  • SmartHealth - Access to private GP, Psychologist, Nutritionist along with tailored fitness plans for both you and your family
  • Award winning L&D platform with personal allocated training budgets
  • Benefit from personalized 1:1 career coaching with our in-house Occupational Psychologist
  • Enhanced paid family leave
  • Fulltime
Read More
Arrow Right

Senior Research Engineer – OT Cyber Security

Senior Research Engineer role focusing on OT Cyber Security at The Manufacturing...
Location
Location
United Kingdom , Coventry
Salary
Salary:
50000.00 - 60000.00 GBP / Year
the-mtc.org Logo
Manufacturing Technology Centre
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in working in an OT environment, with good knowledge of manufacturing challenges
  • Awareness of relevant cyber security standards and frameworks, such as NIST CSF, UK Cyber Essentials Scheme, OWASP guidance (incl. on AI), IEC 62443, legislation on cyber resilience including EU Cyber Resilience Act (CRA) and UK PTSI
  • Familiarity with network and infrastructure design and the implementation of secure-by-design principles
  • Bachelor’s degree in Cyber Security, Computer Science, Information Systems, or relevant industrial/commercial experience
  • 5+ years of experience in cyber security roles, preferably in OT/IT environments
  • Strong communication and presentation skills to both internal and external stakeholders
  • Ability to work collaboratively across departments and with external partners
  • Mindset for continuous development of new skills and knowledge
  • Analytical mindset with attention to detail and problem-solving abilities
Job Responsibility
Job Responsibility
  • Contribute to the design and implementation of infrastructure architecture (IT) and manufacturing (OT) systems based on secure by design principles, for MTC internal as well as customer research projects
  • Oversee cybersecurity testing activities to identify vulnerabilities and exploits
  • Work with colleagues and technology partners to further expand MTC’s capabilities in this domain, to deliver impact for UK manufacturing
  • Support MTC’s Digital Transformation Advisors with customer cyber security queries, and knowledge on implementation and adherence to national cyber security standards such as Cyber Essentials +
  • Work with MTC’s technology partners to maintain and expand testbeds to demonstrate cyber security best practices in the OT domain (network monitoring, asset management, etc.)
  • Keeping abreast of latest developments in standards and technologies in the cyber security domain, in relation to OT, critical infrastructure and AI
  • Create and maintain collateral to keep our customers informed about the latest guidance, legislation and best practice
  • Support MTC Business Development (BD) with proposal writing to win collaborative research & industrial projects in the cyber security domain
  • Provide clear communication and presentations to technical and non-technical stakeholders and manage relationships with customers and suppliers to align their cybersecurity expectations
What we offer
What we offer
  • Hybrid/Flexible working
  • Vitality Medical
  • Company Pension
  • Tusker Car Scheme
  • Cycle 2 work scheme
  • Fulltime
Read More
Arrow Right
New

Senior Security Engineer

We’re looking for experienced and driven senior security professionals to join o...
Location
Location
Israel , Tel Aviv, Herzliya
Salary
Salary:
Not provided
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Expertise structured threat modeling and architectural risk analysis
  • Deep knowledge in one or more of the following: Operating System internals (Windows/Linux), memory management, and secure boot
  • Virtualization, Cloud Architecture, and Container security
  • Application Security principles and secure software development practices across microservices, APIs, and distributed systems
  • Cloud-native services and their security implications (e.g., identity, secrets management, service mesh, serverless)
  • 6+ years in security engineering, architecture, or related roles
  • Demonstrated success in leading security reviews or threat modeling for large-scale systems
  • Prior experience in driving and managing internal security initiatives and integrating Secure Development Lifecycle (SDLC) concepts
  • Track record of identifying and mitigating vulnerabilities in OS, cloud, or infrastructure components
  • Proficiency in secure coding and code reviews
Job Responsibility
Job Responsibility
  • Lead security design and architecture reviews as well as threat modeling engagements for complex systems
  • Identify architectural vulnerabilities and guide engineering teams towards secure design patterns
  • Collaborate with security teams to identify vulnerabilities and embed security early in the product lifecycle
  • Communicate findings clearly to both technical and non-technical stakeholders
  • Drive security hardenings and security-driven redesign to improve security posture
  • Mentor engineers and promote a culture of security-first thinking
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy