Cybersecurity Engineer (Binary Vulnerability) - Information Security

3-5 years
14 days ago
Job Description

Job Description:

  • Conduct cyber risk assessment (red team engagement) in support of technology initiatives to emulate the APT adversary scenarios, and help identify IT related risk and determine appropriate controls to mitigate risks
  • Monitor, track, and manage unknown risk mitigations and exceptions, and ensure adequate monitoring capability is incorporated into solutions
  • Research the undiscovered vulnerabilities (0-day) against different IT infrastructures, including operating systems (Windows/Linux), cloud native (Kubernetes/Docker), network devices (routers/switches/firewalls/VPNs), and endpoint management (VMware Workspace ONE/IPMI)
  • Deliver the exploit code and plugins for identified vulnerabilities

Requirements:

  • Bachelor's degree or higher in Computer Science, Information Technology, Programming & Systems Analysis, Engineering, Statistics, or other related fields
  • Minimum 3 years of relevant work experience
  • Hands-on experience in writing standalone PoCs of infrastructure vulnerabilities, including writing exploit codes based on known PoCs of vulnerability descriptions
  • Familiar with common vulnerability classes such as buffer overflows, command injection, insecure deserialization
  • In-depth understanding of modern security mitigations and methods to bypass them (e.g. stack cookies, SafeSEH, DEP, ASLR, CFG, etc)
  • In-depth understanding of security mechanisms of Windows/Linux systems, and familiar with offensive techniques in ring0/ring3
  • Experience in vulnerability analysis, fuzzing, reverse engineering, or advanced exploitation techniques, with proficiency in tools such as IDA Pro, OllyDBG, WinDBG, GDB, Burp Suite, etc
  • Proficient in programming languages like Python, Go, or Java
  • Strong communication skills and effective teamwork spirit
  • Self-starter and fast learning ability

JOB TYPE

Function

Skills

Gdb
cyber risk assessment
advanced exploitation techniques
vulnerability analysis
offensive techniques
command injection
security mitigations
teamwork spirit
security mechanisms
SafeSEH
exploit code
DEP
vulnerabilities
fast learning ability
insecure deserialization
Go
CFG
red team engagement
ring0
IT related risk
ring3
PoCs
ASLR
stack cookies
About
Job Source: careers.shopee.sg

Shopee Pte. Ltd. is a Singaporean multinational technology company that specialises in e-commerce. The company was launched in Singapore in 2015, before it expanded abroad. As of 2021, Shopee is considered the largest e-commerce platform in Southeast Asia with 343 million monthly visitors.

Career Advice to Find Better