Senior Windows Vulnerability Researcher and Exploit Developer - Abu Dhabi, United Arab Emirates - Crowdfense

Description

Location: on-site, Abu Dhabi (relocation is mandatory)

Crowdfense researchers conduct cutting-edge vulnerability research and exploit development. They find zero-day vulnerabilities, write in-depth root-cause analyses, contextualise the vulnerabilities and attack vectors, and identify patterns in emerging and established attack surface areas.

We're looking for an experienced Windows Vulnerability Researcher to join our lab in Abu Dhabi.

The ideal candidate for this position should possess a deep understanding of security concepts and a strong knowledge of the Windows operating system's internals. They should also have a track record of successful vulnerability research. Additionally, the candidate should have experience identifying software vulnerabilities, binary auditing, reverse engineering, fuzzing, and source code review. Finally, they should be comfortable developing exploits.

They should possess strong critical thinking skills and a passion for solving challenging problems and obstacles creatively and efficiently. They should be self-motivated and have a solid will to undertake long-term projects and responsibilities. The candidate must be able to work independently with minimal supervision and collaborate in a team to solve complex problems.

Responsibilities:

• Conduct vulnerability research, reverse engineering, fuzzing, and static analysis on Windows OS core components (userland or kernel) or third-party enterprise/consumer applications (e.g., Office Suite, Adobe Acrobat, VPNs, AV/EDR, Backup Solutions).
• Develop proof-of-concept code, exploits and attack techniques.
• Perform root cause analyses, document and validate exploits.
• Provide insights and ideas to the research team.
• Stay up-to-date with Windows OS security, features, and updates.
• Develop research tools for public and internal use.
• Publish blog posts on
• Participate in technical training, present research or attend security conferences such as Blackhat and DEFCON.

Requirements:

• Demonstrated ability to discover and exploit high-impact zero-day vulnerabilities (e.g. RCE, LPE, Sandbox escape) in Windows OS (userland or kernel) and/or market-leading 3rd parties' enterprise and consumer products.
• Previously published exploits, CVEs, blog posts, techniques, technical analyses of vulnerabilities, or presentations in security conferences or webcasts. Please show us what you're passionate about.
• Deep knowledge of the Windows OS architecture and internals.
• A broad understanding of predominant bug classes and exploitation techniques (exploitation experience is required). We don't expect you to know everything, but you should be comfortable digging in to learn and apply new or unfamiliar techniques when needed.
• Thorough understanding of current and upcoming security mitigations.
• Ability to conduct long-term and widely scoped security research projects as part of a broader team effort.
• Reverse engineering skills.
• Fluent in C/C++ and Intel assembly code.
• Competency with debuggers and IDA Pro.
• Good written English.
• Willingness to mentor and help other team members understand key concepts. (You won't need to manage people).

Benefits:

• Finance: Highly competitive base salary with an additional monetary bonus system based on exploitable vulnerability findings.
• Career Development: Further your career by joining a team of established and experienced security researchers.
• Training and Conferences: Opportunities for paid travel to conferences and trainings.
• Off-topic Research: We allow researchers to spend up to 25% of their time researching other topics, building and breaking the things they love.
• Relocation Package
• Wellness: We offer a prime wellness program to promote a healthy lifestyle and work-life balance. This program includes, but is not limited to, Health insurance, mental health coaching, and more.

About Crowdfense

Crowdfense is a world-leading research hub and acquisition platform for high-quality zero-day exploits and advanced vulnerability research. Led by cybersecurity experts, our platform hosts a global community of top-tier independent researchers with unmatched skills in advanced vulnerability research and exploit development. We evaluate and purchase premium exploits and vulnerabilities, rewarding the highest bounties in the industry. We analyse and document all the acquired strategic intelligence assets and provide worldwide government customers with cutting-edge cybersecurity capabilities. Crowdfense adheres to unparalleled export control, compliance, due diligence, and vetting standards to ensure transparency and accountability for the world's most trusted vulnerability acquisition platform.