{bc}
linkedin

Senior Security Researcher: Vulnerability Research

FORTE
Dubai, UAE
Contract
Senior
1 months ago
Vulnerability ResearchFuzzingExploit DevelopmentReverse EngineeringAssembly (x86 64, ARM64)C/C++
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

Vulnerability ResearchFuzzingExploit Development
Smart Apply

Full Job Posting

Role Overview

  • FORTE ST runs a permanent vulnerability research programme: continuous fuzzing at scale, deep memory bug analysis, and full exploit development against high value modern software.
  • We are hiring one senior researcher to own the path from a raw crash to a proven, reliable remote code execution chain.

What you will do

  • Drive coverage guided and differential fuzzing against browser engines, applications and binaries; design harnesses, grammars and corpora that reach deep code paths.
  • Backtrace and root cause memory corruption bugs to their exact faulting condition: deterministic reproduction, minimisation, and a clear write up of why the bug happens.
  • Classify and build primitives from memory bugs: out of bounds read/write, use after free, type confusion, uninitialised, memory, info leak.
  • Write exploits and chain primitives into full kill chains: leak, corruption, control flow hijack, in process code, execution, then sandbox escape and privilege escalation.
  • Reverse engineer binaries (closed source applications, libraries, components) and analyse engine internals at the assembly level.
  • Defeat modern mitigations: ASLR, DEP/W^X, CFI/CFG, stack cookies, ARM64 PAC/MTE, and engine sandboxes such as the V8 heap sandbox.
  • Harden chains for reliability (deterministic heap grooming, retry and cleanup) and validate them with reverse and regression tests across builds.
  • Feed every confirmed primitive and chain back into the research corpus.

Must have (very senior)

  • Proven track record finding and exploiting memory corruption vulnerabilities in real, modern, hardened targets (not just CTF, though CTF pedigree is welcome).
  • Fluent in assembly (x86 64 and ARM64): you read and reason about disassembly comfortably.
  • Strong memory testing and debugging methodology: sanitizers (ASan/MSan/UBSan), record and replay (rr), gdb/lldb/WinDbg, heap analysis.
  • Hands on exploit development and chaining experience, including mitigation bypass.
  • Browser internals knowledge: at least one of V8, SpiderMonkey or JavaScriptCore (JIT, garbage collector, object model), plus the surrounding IPC/sandbox.
  • Binary reverse engineering for applications and libraries (IDA, Ghidra, Binary Ninja).
  • C/C++ and a scripting language (Python or similar) for tooling.

Nice to have

  • Published CVEs, advisories, conference talks, or a public exploit/research portfolio.
  • Mobile platform research (Android or iOS): kernel, media pipelines, messengers.
  • Fuzzilli / libFuzzer / custom REPRL harness experience.
  • Patch diffing and n day reconstruction.
  • Familiarity with using LLMs to accelerate triage and first pass exploitation.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at FORTE