Sr. Security Vulnerability Researcher

• Lead advanced research and analysis on vulnerabilities within publicly accessible and commercial data sources, platforms, and software relevant to government missions.
• Direct and perform in-depth vulnerability assessments, exploit validation, and security posture evaluations.
• Develop and oversee methodologies for identifying, categorizing, and prioritizing vulnerabilities using both automated and manual analysis techniques.
• Collaborate with internal and external stakeholders to develop mitigation strategies and enhance vulnerability management processes.
• Produce detailed technical reports, threat assessments, and briefings tailored for both technical and executive audiences.
• Track global vulnerability disclosures, emerging exploitation trends, and adversary tactics to inform proactive defense measures.
• Apply expertise in reverse engineering, static and dynamic analysis, and protocol dissection to validate findings.
• Guide junior analysts and researchers in vulnerability discovery, tool development, and analytic tradecraft.
• Represent the research team in interagency or partner technical forums, ensuring alignment with government cybersecurity objectives.

Leadership Responsibilities

• This position may potentially serve as the lead and primary point of contact for a team.

• Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or a related technical field Masters degree preferred).

• Minimum of 9 years of professional experience in vulnerability research, penetration testing, exploit development, or cyber threat intelligence.
• Proven experience supporting U.S. Government cybersecurity, defense, or intelligence programs.
• Deep technical understanding of operating systems, network protocols, cloud architectures, and application security.
• Proficiency with vulnerability analysis and exploitation frameworks (e.g., IDA Pro, Ghidra, Burp Suite, Metasploit, Nessus, Nmap).
• Strong command of programming and scripting languages (e.g., Python, C/C++, PowerShell, Bash).
• Familiarity with CVE/CVSS scoring, MITRE ATT&CK, and vulnerability disclosure standards.
• Demonstrated ability to synthesize complex technical data into clear, actionable intelligence products.
  
  

• Advanced degree (M.S. or Ph.D.) in Cybersecurity, Computer Engineering, or related field.
• Recognized industry certifications such as OSCP, OSCE, GREM, GXPN, CISSP, or GIAC GCTI.
• Experience developing or customizing tools for vulnerability discovery, data analysis, or threat emulation.
• Familiarity with secure software development practices, data protection, and privacy compliance requirements.
• Experience mentoring, leading small research teams, or managing cybersecurity projects.