Careers

Location: on-site, Abu Dhabi (relocation is mandatory)

We’re looking for an experienced Windows Vulnerability Researcher to join our lab in Abu Dhabi.

The ideal candidate for this position should possess a deep understanding of security concepts and a strong knowledge of the Windows operating system’s internals. They should also have a track record of successful vulnerability research. Additionally, the candidate should have experience identifying software vulnerabilities, binary auditing, reverse engineering, fuzzing, and source code review. Finally, they should be comfortable developing exploits.

They should possess strong critical thinking skills and a passion for solving challenging problems and obstacles creatively and efficiently. They should be self-motivated and have a solid will to undertake long-term projects and responsibilities. The candidate must be able to work independently with minimal supervision and collaborate in a team to solve complex problems.

Responsibilities:

• Conduct vulnerability research, reverse engineering, fuzzing, and static analysis on Windows OS core components (userland or kernel) or third-party enterprise/consumer applications (e.g., Office Suite, Adobe Acrobat, VPNs, AV/EDR, Backup Solutions).
• Develop proof-of-concept code, exploits and attack techniques.
• Perform root cause analyses, document and validate exploits.
• Provide insights and ideas to the research team.
• Stay up-to-date with Windows OS security, features, and updates.
• Develop research tools for public and internal use.
• Publish blog posts on crowdfense.com.
• Participate in technical training, present research or attend security conferences such as Blackhat and DEFCON.

Requirements:

• Demonstrated ability to discover and exploit high-impact zero-day vulnerabilities (e.g. RCE, LPE, Sandbox escape) in Windows OS (userland or kernel) and/or market-leading 3rd parties’ enterprise and consumer products.
• Previously published exploits, CVEs, blog posts, techniques, technical analyses of vulnerabilities, or presentations in security conferences or webcasts. Please show us what you’re passionate about.
• Deep knowledge of the Windows OS architecture and internals.
• A broad understanding of predominant bug classes and exploitation techniques (exploitation experience is required). We don’t expect you to know everything, but you should be comfortable digging in to learn and apply new or unfamiliar techniques when needed.
• Thorough understanding of current and upcoming security mitigations.
• Ability to conduct long-term and widely scoped security research projects as part of a broader team effort.
• Reverse engineering skills.
• Fluent in C/C++ and Intel assembly code.
• Competency with debuggers and IDA Pro.
• Good written English.
• Willingness to mentor and help other team members understand key concepts. (You won’t need to manage people).

We know that the best ideas and solutions come from teams reflecting a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don’t be shy and apply today.

Benefits:

• Finance: Highly competitive base salary with an additional monetary bonus system based on exploitable vulnerability findings.
• Career Development: Further your career by joining a team of established and experienced security researchers.
• Training and Conferences: Opportunities for paid travel to conferences and trainings.
• Off-topic Research: We allow researchers to spend up to 25% of their time researching other topics, building and breaking the things they love.
• Relocation Package and Wellness: We offer a prime wellness program to promote a healthy lifestyle and work-life balance. This program includes, but is not limited to, Health and Life insurance, Dental and Vision, mental health coaching, and more.