Tenable is looking for a Research Engineer to join our vulnerability detections research team. This position will involve researching existing vulnerabilities, looking for new vulnerabilities, and developing checks/plugins to detect these vulnerabilities via our products. This role will involve some interfacing with stakeholders outside the Research team.
- Works on advanced research and development initiatives
- Implements advanced detection logic while minimizing false positives & false negatives
- Participates in detection logic discussions and the research of new methods for detection
- Interfaces with stakeholders on externalizing the outcomes of some of the research
- Helps other researchers on the team, when needed
What You'll Need:
- Keep abreast with the advancements and developments in the security industry and perform original research to keep our customers secure
- Develop detection scripts for Tenable’s sensors (Nessus vulnerability scanner and others) based on the research findings
- Research and develop methods of detection for additional services and products from different vendors
- Demonstrably strong programming skills in two or more languages
- Ability and experience in showcasing original research externally – via blogs, white-papers, etc.
- Ability to work independently as a researcher as well as part of a larger team
- Experience working with multiple operating systems (proficiency with Linux a must)
- Excellent written and verbal communication skills
- Adaptable and able to shift priorities among initiatives, as needed
- Meticulous in terms of quality & accuracy of work
- Initiative and drive to explore and learn continually
- B.S. degree in Computer Science or a related field, or equivalent work experience
- At least 2 years of R&D experience
- Some prior experience performing open-ended security research when given high-level requirements and details of the desired outcome
- Understanding of common security vulnerabilities, CVSS scoring, vulnerability classification, detection and exploitation techniques
- Protocol analysis and interaction. Knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing
- Experience with pen-testing, researching, discovering, or publishing vulnerabilities
- Reverse engineering experience including basic binary analysis, packet capture analysis, and firmware analysis (using binwalk). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb)
- Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and / or scripting languages
- Experience with systems administration and be comfortable working at the command line
- One or more security related certifications (e.g. OSCP)
If you’ve reached this point in the job description and feel you’re still not sure if you should apply…Just do it! We know there are no perfect applicants. You may not have 100% of all those bullets listed above - and that’s okay. If you’re feeling like you’re not going to fit in with our teams - that’s not ok. We're One Tenable which means however you identify and whatever background you bring with you, we encourage you to submit an application if it’s a role you can be passionate about doing every day.
We’re committed to promoting Equal Employment Opportunity (EEO) at Tenable - through all equal employment opportunity laws and regulations at the international, federal, state and local levels.