Senior Security Researcher: Vulnerability Research
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
We are hiring a senior security researcher to own the path from a raw crash to a proven, reliable remote-code-execution chain. You will drive fuzzing, root-cause memory-corruption bugs, and develop exploits against hardened targets.
Key Skills for This Role
Responsibilities
- Drive coverage guided and differential fuzzing against browser engines, applications and binaries.
- Backtrace and root cause memory corruption bugs to their exact faulting condition.
- Classify and build primitives from memory bugs.
- Write exploits and chain primitives into full kill chains.
- Reverse engineer binaries and analyze engine internals at the assembly level.
- Defeat modern mitigations: ASLR, DEP/W^X, CFI/CFG, stack cookies, ARM64 PAC/MTE, and engine sandboxes.
- Harden chains for reliability and validate them with reverse and regression tests across builds.
- Feed every confirmed primitive and chain back into the research corpus.
Requirements
- Proven track record finding and exploiting memory corruption vulnerabilities in real, modern, hardened targets
- Fluent in assembly (x86 64 and ARM64)
- Strong memory testing and debugging methodology (sanitizers, record and replay, gdb/lldb/WinDbg, heap analysis)
- Hands on exploit development and chaining experience, including mitigation bypass
- Browser internals knowledge: at least one of V8, SpiderMonkey or JavaScriptCore
- Binary reverse engineering for applications and libraries (IDA, Ghidra, Binary Ninja)
- C/C++ and a scripting language (Python or similar) for tooling
Full Job Posting
Role Overview
- FORTE ST runs a permanent vulnerability research programme: continuous fuzzing at scale, deep memory bug analysis, and full exploit development against high value modern software.
- We are hiring one senior researcher to own the path from a raw crash to a proven, reliable remote code execution chain.
What you will do
- Drive coverage guided and differential fuzzing against browser engines, applications and binaries; design harnesses, grammars and corpora that reach deep code paths.
- Backtrace and root cause memory corruption bugs to their exact faulting condition: deterministic reproduction, minimisation, and a clear write up of why the bug happens.
- Classify and build primitives from memory bugs: out of bounds read/write, use after free, type confusion, uninitialised, memory, info leak.
- Write exploits and chain primitives into full kill chains: leak, corruption, control flow hijack, in process code, execution, then sandbox escape and privilege escalation.
- Reverse engineer binaries (closed source applications, libraries, components) and analyse engine internals at the assembly level.
- Defeat modern mitigations: ASLR, DEP/W^X, CFI/CFG, stack cookies, ARM64 PAC/MTE, and engine sandboxes such as the V8 heap sandbox.
- Harden chains for reliability (deterministic heap grooming, retry and cleanup) and validate them with reverse and regression tests across builds.
- Feed every confirmed primitive and chain back into the research corpus.
Must have (very senior)
- Proven track record finding and exploiting memory corruption vulnerabilities in real, modern, hardened targets (not just CTF, though CTF pedigree is welcome).
- Fluent in assembly (x86 64 and ARM64): you read and reason about disassembly comfortably.
- Strong memory testing and debugging methodology: sanitizers (ASan/MSan/UBSan), record and replay (rr), gdb/lldb/WinDbg, heap analysis.
- Hands on exploit development and chaining experience, including mitigation bypass.
- Browser internals knowledge: at least one of V8, SpiderMonkey or JavaScriptCore (JIT, garbage collector, object model), plus the surrounding IPC/sandbox.
- Binary reverse engineering for applications and libraries (IDA, Ghidra, Binary Ninja).
- C/C++ and a scripting language (Python or similar) for tooling.
Nice to have
- Published CVEs, advisories, conference talks, or a public exploit/research portfolio.
- Mobile platform research (Android or iOS): kernel, media pipelines, messengers.
- Fuzzilli / libFuzzer / custom REPRL harness experience.
- Patch diffing and n day reconstruction.
- Familiarity with using LLMs to accelerate triage and first pass exploitation.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at FORTE
Senior SAP Security Consultant, KSA engagement
Riyadh, KSA
FORTE is mobilizing a senior team for a Tier-1 SAP cybersecurity assessment in Saudi Arabia. This is an 8-week on-site mission requiring hands-on SAP security expertise in S/4HANA, HANA, ABAP, or BTP. Candidates must hav
Maritime Security Officer (Vessel-Based) – UAE
Dubai, UAE
Job Description: We are seeking an experienced Maritime Security Officer for an immediate deployment in the UAE. The ideal candidate must have proven experience providing security and asset protection onboard vessels. Re
Satellite communications and IT maritime systems
Dubai, UAE
FORTE CORP. is seeking a highly experienced senior satellite communications and maritime systems specialist to support ongoing maritime operational missions involving vessel-to-ground communications, operational continui
Cargo Vessel Crew Member
Dubai, UAE
Company Description FORTE is committed to empowering its clients by enhancing their integration into local contexts, offering professional on-the-ground support in challenging environments, and developing effective secur
Social Media Manager (Content Specialist)
Dubai, UAE
Role Summary As a Senior Social Media Manager, you will orchestrate and execute comprehensive social media strategies for multiple clients in the media and publishing space. Your primary purpose is to drive client succes
Senior SAP Security Consultant, KSA engagement
Riyadh, KSA
Maritime Security Officer (Vessel-Based) – UAE
Dubai, UAE
Satellite communications and IT maritime systems
Dubai, UAE
Cargo Vessel Crew Member
Dubai, UAE
Social Media Manager (Content Specialist)
Dubai, UAE