Bugcrowd · 3 days ago
Cleared Vulnerability Research Engineer
Bugcrowd is a company that empowers organizations to combat threats by leveraging a network of elite hackers. The Cleared Vulnerability Research Engineer will focus on end-to-end exploit development, designing and validating novel vulnerability discovery capabilities against complex systems and software.
Crowdsourcing, Cyber Security, Penetration Testing, Security
Responsibilities
Design, develop, and validate novel vulnerability discovery and exploitation capabilities
Conduct expert reverse engineering of binaries (x86-64, ARM64, etc.) using industry-standard tools
Identify and exploit real-world vulnerabilities such as Use-after-free, Type confusion, Integer truncation, and Buffer overflow
Demonstrate ability to discover new, novel vulnerabilities in complex systems
Rapidly understand current vulnerability research and apply findings to identify new instances of vulnerability classes
Employ both manual analysis and automated techniques (e.g., fuzzing) for vulnerability discovery
Code and debug complex functions in C, Python, and Assembly (x86-64, ARM, etc.)
Independently manage and execute research objectives, including scoping, research, experimentation, validation, and iteration
Travel to customer sites as required
Perform on-site for extended periods of time
Qualification
Required
Expertise in reverse engineering of binaries (x86-64, ARM64, etc.) using tools such as Binary Ninja, Ghidra, or IDA Pro
Precise understanding of stack and heap objects and exploit-relevant vulnerabilities (e.g., Use-after-free, Type confusion, Integer truncation, Buffer overflow)
Demonstrated ability to discover new vulnerabilities, not just exploit known ones
Experience with both manual analysis and automated techniques (e.g., fuzzing)
Ability to code and debug C, Python, and Assembly (x86-64, ARM, etc.)
Ability to independently translate an underdefined mission objective into a concrete, technically novel capability
Comfort operating with minimal supervision
TS/SCI clearance required (inactive SCI acceptable if SCI-clearable)
Ability to travel to customer sites as required
Benefits
Discretionary bonus program or commission plan
Company
Bugcrowd
Bugcrowd is a cybersecurity company that operates as a platform for crowdsourced security testing.
Funding
Current Stage: Late Stage
Total Funding: $230.65M
Key Investors: Silicon Valley Bank, General Catalyst, Rally Ventures
2024-10-31 · Debt Financing · $50M
2024-02-12 · Series E · $102M
2020-04-09 · Series D · $30M
Company data provided by Crunchbase