Security Researcher - Vulnerability Assessment Team

  • Category: Research & Development
  • Team: Security Research
  • Location: Waterloo, Ontario

Description

Position at Trustwave

Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. Offering a comprehensive portfolio of managed security services, consulting and professional services, and data protection technology, Trustwave helps businesses embrace digital transformation securely. Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.

The Security Researcher is a member of the vulnerability assessment team, which focuses on the development of tools to detect and validate the existence of vulnerabilities on remote systems. The development is done on our in house designed network scanning tools.  The vulnerability assessment team focuses on network detection of known vulnerabilities and the finding of new vulnerabilities in software to be responsibly disclosed to the vendors and implemented in our network scanning tools.

The candidate will be a key team member of the vulnerability assessment team whose focus will be tracking new vulnerabilities, identifying how those vulnerabilities are exploited and writing code that detects the presence of or exploits those vulnerabilities.

Reporting to:
Manager Security Research, Spiderlabs Research


Responsibilities:

  • Work on complex security research and development
  • Write vulnerability checks for our vulnerability scanning technology to detect presence of vulnerabilities locally or remotely
  • Create service and application fingerprints
  • Implement frameworks for existing network protocols
  • Maintain the vulnerability scan engine and extending its feature set and detection methods
  • Write clear and concise definitions of vulnerabilities and remediation
  • Research, reverse software to find new security vulnerabilities
  • Adhere to policies, procedures, and security practices
  • Document actions in tickets to effectively communicate information internally and to customers
  • Resolve problems independently and understand the correct escalation procedures

Requirements/Qualifications:

  • Expertise in design, architecture, administration, patching and maintenance of Windows/*nix-based Operating Systems, MacOS X knowledge is a plus
  • In-depth knowledge and understanding of Linux/Unix system internals, understanding of Windows system internals is a plus
  • Demonstrable ability to code with one or more programming/scripting languages. Ruby experience is a plus
  • Ability and experience in showcasing original research externally – via blogs, white-papers, etc.
  • Ability to work independently as a researcher as well as part of a larger team
  • Understanding of common vulnerabilities and exploit techniques
  • Experience using network analysis tools like Wireshark and tcpdump
  • Experience with designing and building automation frameworks is a huge plus
  • S. degree in Computer Science or a related field, or equivalent work experience
  • 2-4 years of experience in security research or a similar field is a plus


Education:
We prefer college-educated applicants, but at minimum, high school diploma or equivalent is required for employment.

Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.

To All Agencies:
Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.

 

Share this opportunity

Trustwave is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.

Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. Offering a comprehensive portfolio of managed security services, consulting and professional services, and data protection technology, Trustwave helps businesses embrace digital transformation securely.Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries.

To All Agencies: Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.