Firmware Vulnerability Analyst

Firmware Vulnerability Analyst
Finite State, United States

Experience
1 Year
Salary
0 - 0
Job Type
Full Time Job
Job Shift
Morning Job
Job Category
Admin
Traveling
No
Career Level
Non-Managerial
Telecommute
Remote/Online Job
Qualification
As mentioned in job details
Total Vacancies
1 Job
Posted on
Apr 7, 2021
Last Date
May 7, 2021
Location(s)
United States

Job Description

At Finite State, our mission is to protect the devices that power our modern lives by illuminating the vulnerabilities and threats within their complex software supply chains. We do this by leveraging massive data analysis to provide transparency to device manufacturers and their customers - enabling them to understand and mitigate their risks before they are compromised. We are seeking a Firmware Vulnerability Analyst to help us in that mission by identifying known and 0-day vulnerabilities in these critical devices at a scale that’s never been done before. If you are an experienced self-starter who enjoys working in a fast-paced, collaborative environment, then we want to talk to you! This position is fully remote.

Primary responsibilities for this position include:

  • Lead the identification and understanding of OT/IIoT/IoT device amp; network security vulnerabilities and providing information and remediation guidance to customers and the Ramp;D team
  • Lead efforts to identify amp; prioritize security risks and build/identify tools to find risks in embedded devices (with a focus on OT and IIoT devices)
  • Analyze common device firmware configurations, services, software applications, and protocols to discover known, new, and potential vulnerabilities
  • Identify 0-day vulnerabilities in devices and work with vendors for responsible disclosure
  • Create detailed technical reports and proof of concept code to document findings
  • Stay on top of the vulnerability and threat landscape for embedded devices, OT networks, and their supply chains. Prepare guidance on counter-measures.
  • Take advantage of opportunities to participate in working groups, customer meetings, proposal writing, and conferences
  • Collaborate with marketing, product and sales on case studies related to device vulnerabilities and threats

Candidates at a minimum must have the following:

  • Bachelor’s degree in Computer Science, Electrical Engineering, or related field and 5+ years of applicable experience identifying vulnerabilities.
  • Proven experience working in or leading a vulnerability research or threat analysis team
  • Strong experience in using SQL for complex queries and the ability to synthesize results
  • Demonstrated understanding of common vulnerability amp; software weakness classes and other standard frameworks
  • Familiarity with OWASP IoT Top 10 and relevant security vulnerability lists, sites, and bulletins
  • Direct experience working closely with software engineers, researchers, and stakeholders
  • Strong knowledge of embedded system architecture and development practices
  • Experience with system configurations (e.g., Linux, Unix) and hardening best practices
  • Experience with scripting languages, specifically Python and Bash
  • Experience with firmware reverse engineering using Ghidra or IDA Pro

It’s highly preferred (but not required) that the candidate have experience with:

  • Leading security and vulnerability management efforts in OT environments
  • Working in a product security team
  • ML-based models
  • Threat Hunting
  • Networking concepts and the OSI network stack
  • AWS or similar cloud platform development
  • Experience on small, fast-moving teams
  • Strong attention-to-detail and high quality standards
  • Demonstrated ability to propose solutions to diverse problems
  • Strong communication and presentation skills
  • Ability to adjust priorities quickly as circumstances dictate
  • Ability to work independently and as part of a team
  • Demonstrated initiative, follow-up, and follow through with commitments

About Finite State

Built on two decades of cybersecurity experience serving the Fortune 50 and the U.S. Intelligence Community, our team of experts understands the hidden risks in today’s enterprise networks, where IoT vulnerabilities are quickly becoming the entry point of choice for cyber attacks.

Finite State gives cyber defenders a tactical advantage by identifying the devices running on the network and proactively analyzing firmware buried inside the IoT devices for hidden vulnerabilities. We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2017 in Columbus, Ohio.

At Finite State, we are dedicated to hiring a diverse workforce and are proud to be an equal opportunity employer. We offer competitive salary, equity, full benefits (medical, dental, vision, disability and life-insurance), 401k plan and unlimited PTO, because we believe it is important to unplug and recharge.

Come help us solve one of the biggest problems in cyber security!


Finite State is an equal opportunity employer. In accordance with anti-discrimination law, it is the purpose

Job Specification

Job Rewards and Benefits

More Jobs like this Job

Jobs in Amsterdam United States
Jobs in this company

Finite State

Information Technology and Services - Amsterdam, United States
© Copyright 2004-2024 Mustakbil.com All Right Reserved.