Cyber Security Specialist

We are NOT looking for penetration testers who run scanners. We are looking for creative and deeply technical offensive security experts who build their own tools, discover novel vulnerabilities, and think like real-world adversaries.

This role requires a relentless passion for breaking things, a deep understanding of systems at a low level, and the ability to develop custom solutions when off-the-shelf tools fall short.

I. Key Responsibilities

You will be a key contributor to our offensive security program, with a focus on three core areas:

1. Advanced Malware Development & Evasion:

- Design, develop, and implement custom malware, loaders, command-and-control (C2) frameworks, and post-exploitation toolsets from scratch.

- Research and discover new techniques to bypass leading Endpoint Detection and Response (EDR) and Antivirus (AV) solutions.

- Perform in-depth analysis of security products to understand their detection logic and develop methods for evasion (e.g., unhooking, direct system calls, memory-based execution,).

2. Cloud Security & Penetration Testing:

- Conduct offensive security assessments against complex cloud environments (AWS, Azure, GCP).

- Perform IAM privilege escalation, identify and exploit misconfigurations in containerized environments (Docker, Kubernetes), and attack serverless architectures.

- Develop custom tooling and scripts for automated reconnaissance and exploitation within cloud tenants.

- Simulate data exfiltration scenarios from cloud storage and databases.

3. Vulnerability Research & Exploit Development:

- Conduct binary-level vulnerability research on a wide range of targets, including desktop operating systems (Windows, Linux), network services, and IoT firmware.

- Develop reliable exploits for discovered vulnerabilities (e.g., buffer overflows, use-after-frees, race conditions, logic flaws).

- Utilize and develop fuzzing frameworks to discover zero-day vulnerabilities in COTS and custom software.

- Analyze and patch disassembled code to understand exploitability.

II. Required Qualifications

- 4+ years of hands-on experience in offensive security, red teaming, or vulnerability research.

- Expert proficiency in at least one compiled language (C/C++, Rust, Go) and one scripting language (Python, PowerShell).

- Deep, low-level understanding of operating systems: Windows internals (PE format, API hooking, memory management, tokens) and/or Linux internals (ELF format, syscalls, permissions).

- Expert-level skills in reverse engineering using tools like IDA Pro or Ghidra.

III. Preferred Qualifications (Bonus Points)

- One or more assigned CVEs to your name.

- Contributions to well-known open-source security tools.

- Experience with hardware hacking, side-channel attacks.

- Advanced security certifications (e.g., OSEP, OSCE, OSEE) are a plus, but practical experience and a portfolio of work are valued far more