• Goa 2020
  • Resume and Career Clinic

Resume and Career Clinic

Time: 10:00 hrs to 13:00 hrs
Date: March 7th, 2020
Place: TBD

The first step towards a new job or change in career in any industry is to have a proper resume and Infosec is no different. It is always a great thing to have a solid resume of your skills and experience to make an impression on the hiring team.

At Nullcon, we have a focused track with guidance to provide the necessary tools and knowledge required for infosec job search, career development, and advancement. Resume reviews and career guidance sessions provided by industry recruiters and leaders.

Our community reviewers who have a huge amount of combined experience in interviewing, and vetting candidates are ready to put their experiences to work to help you by providing feedback and guidance.

Sign up for resume review and career guidance (Walk-ins will be allowed on first come first serve basis based upon availability) Please bring a paper copy of your current resume or your own laptop with a digital copy (no USB).

registration-open

InfoSec Job Openings from NULLCON Sponsors & Exhibitors

We have put together a number of amazing job opportunities in the most renowned companies that also support NULLCON Goa 2020! If you are looking for a new position or thinking about a career change, definitely have a look at the list below. Good luck!

audius India Private Limited is looking for a Director Business Development Security Services APAC - commencing on asap.

Your Role and Responsibility:

You will be responsible and accountable for the business operations of the audius subsidiary in India. Your role is imperative for the success of the audius Group and our Security Portfolio in APAC. You will develop, implement and maintain methods and measures for successful relationship management towards clients, university and business partners. Further you maintain the marketing and the skill- and resource management, along with a modern recruiting strategy. Your role includes the disciplinary supervision for the audius India Private Limited employees. You work in close relationship with the Director Security and Research APAC for the consulting projects, with our business administration team for accounting, payroll, contracts, and the Germany based Security and Audit Team. You report to the Division Directors SIAS & Consulting, audius GmbH Germany. In the performance of your duties for the new incorporated audius India, you are required to take the lead in laying the foundation of this company and take charge for new tasks, roles and responsibilities! Your appointment will be governed by the general terms and conditions of employment with audius India Private Limited, your place of work will be the audius Office in Pune.

Company Name: CloudSEK
Location: Bangalore
Designation/Role: Cyber Security Analyst
Contact details to submit a CV: [email protected]

About the Company and Products:

CloudSEK is a SaaS-based Artificial Intelligence-powered Digital Risk Management enterprise. Our monitors track our client’s various Internet-based resources for potential security risks. Instead of using traditional static threat detection engines and manual verification process our monitors use Machine Learning and Artificial Intelligence to identify risks.

Job Description:

An ideal Security Analyst will demonstrate an aptitude for learning new technologies, evidenced by the ability to expand upon core knowledge. She/he should be highly analytical with the ability to derive facts quickly, methodically, and accurately. This is a pure technical role with partial customer facing responsibility to solve product and cybersecurity-related problems of low to high complexity and act as a focal point for Customer problem resolution. We will rely on you to provide timely and accurate analysis for the security incidents tagged on XVigil (CloudSEKs proprietary digital risk monitoring platform).

Responsibilities:

Individuals will be responsible for analysing all the security incidents tagged by XVigil.
Use their skills to go one step ahead and identify any issues that are over the tools capabilities.
Take over a prospect completely when they sign-up for a demo and continuously monitor their dashboard.
Investigate security breaches and other cybersecurity incidents.
Document security breaches and assess the damage they cause.
Ability to identify web app vulnerabilities and explain how to avoid them.
Other duties as may be assigned by management.

Skills Required:

The ability to think logically.
Solid team player.
Ability to interact confidently with clients to identify what the security problem is and explain the solution.
Problem-solving skills
The ability to prioritize your workload and time management skills
Enjoys problem-solving and displays an eagerness to learn new technologies/skills.

Technical Expectations:

A bachelor's degree in Computer Science or a closely related degree is required for the position.
0-2 years’ experience in information security or related field.
Solid knowledge in cyber security, must know the general attack vectors and attack scenarios.
Intermediate level of knowledge of networking technologies, internetworking devices, and protocols.
Intermediate level knowledge of Firewall, VPN, IDS, and related network security design and implementation.
Experience with web application penetration testing and techniques.

Company Name: Copart
Location: Hyderabad, India
Designation/Role: Application Security Engineer
Contact details to submit a CV: [email protected]

Responsibilities & Tasks:

3+ years of experience in Application security testing, Source Code review and Mobile Application Security testing.
Understanding of application security attacks like Injection, Authentication, Authorization, Session management, XXE, SSRF, API Security, iOS pentesting, source code review
Good to have any of these certifications CEH, Security+, CCNA, OSCP, CISSP etc.
Good verbal and written communication
Should be able to script in python
BTech, MTech, or BE/ME, in Information Technology background

Job Duties:
1. Work with internal development teams to gather information and perform SAST, DAST and Manual testing
2. Work with developer teams to provide technical details for defects and provide detailed solutions.
3. Ability to work with cross functional team to work and solve security issues in Copart Environment
4. Implement, test and operate advanced software security techniques in compliance with technical reference architecture
5. Conduct developer trainings
6. Development experience is plus.

Specific Skill Sets Required:

Web & Mobile App Pentesting, Source code review, and SDLC training.

Company Name: Cyware Labs
Location: Mumbai Or Bangalore
Designation/Role: Solution Architect / Solution Engineer
Contact details to submit a CV: [email protected]

Responsibilities & Tasks:

Complete understanding and acquiring complete command of Cyware products (products for SOC, IR, TI and TH)
Triage and Respond to requirements from customers related to products
Design, develop and deliver the solutions to the customer based on the requirements shared
Support development of security integrations with Cyware products to achieve common use cases in information security management.
Design and develop incident response playbooks for the customer as per attack scenarios defined
Deploy the cyware products suite using automation frameworks knowledge like Ansible.
Provide feedback/suggestions to product management based on the experiences.
Work with the customers to ensure they are leveraging the solution and achieving use cases.
Assisting in Cyware products deployment and upgrades to customers and partners
Performing research on current market trends and providing analysis to the various internal teams.

Specific Skill Sets Required:

Minimum 3-5 year of experience in the security domain in product or services side.
The candidate should have experience in the management of at least 1 security product in a customer facing environment.
Should have experience in creating solutions for customers based on the understanding of the requirement.
The candidate should have experience with the management of information security tools such as SIEMs, SOAR, TIP, EDR, IPS, Sandboxes, Vulnerability Management, etc.
Should have a knowledge of security incident response and Cyber Threat Intelligence management
Good understanding of SOC/security management workflows in enterprise organizations.
Working knowledge of Python, JSON and familiarity with Rest API Integration is required.
Strong Application / Operating System / Networking troubleshooting skills
Excellent oral and written communication skills.
Good Analytical & development skills.
OS expertise (windows,linux, Mac OS)
Python development skills would be preferred.

Security Analyst

HackerOne is looking for security-minded, customer-service oriented individuals to join the team responsible for HackerOne’s Fully Managed service offering. You will be responsible for vetting security vulnerability reports from some of the world's best hackers being submitted to Fortune 500 and other companies as part of their bug bounty programs. You will have the opportunity to work with some of the best hackers in the world and the security teams behind some of the most competitive bug bounty programs, gaining hands-on experience with thousands of vulnerabilities unique to HackerOne's customers.

The ideal candidate will be a self-starter, a problem solver, a great communicator, and detail oriented.

This role requires that you have both excellent communication skills to serve as the glue between the hacker community and companies running bug bounty programs, as well as the technical capacity to ensure every bug report is reproducible and provides value to each customer.

This job is remote and can be performed from anywhere in the United States. Apply HERE!

WHAT WE DO

HackerOne is the #1 hacker-powered pentest & bug bounty platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. The U.S. Department of Defense, General Motors, Google, Goldman Sachs, PayPal, Hyatt, Twitter, GitHub, Nintendo, Lufthansa, Microsoft, MINDEF Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,500 other organizations have partnered with HackerOne to find over 130,000 vulnerabilities and award over $65M in bug bounties. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, France and Singapore.

As a team, we believe in integrity, transparency, trust, collaboration and community. We believe in the positive power of hackers and work tirelessly to promote the success of our community to the broader, mainstream audience.

WHAT YOU WILL DO

● Review incoming vulnerability reports and reproduce issues, assessing the severity and impact of each issue within the context of each organization’s threat model
● Work with hackers to identify missing information in reports, as well as help educate the community when reports are incorrect
● Write a brief summary for each report, including clear reproduction steps, the impact of the issue, and remediation advice
● Coordinate with our Customer Success team and customers to ensure smooth triage workflows for any programs you work with
● Ensure clear and efficient communication between hackers and customers
● Proactively identify and solve issues, as well as accept and quickly respond to delegated work; as we are distributed, being able to win as a team to solve problems is critical to our success

WHAT WE ARE LOOKING FOR

● Top notch communication skills: need to be able to firmly, yet politely, respond to non- issues, as well as identify legitimate issues and communicate them to security teams in an easy to understand format
● Strong technical knowledge around web application security: ability to identify and reproduce reported vulnerabilities, as well as assess contextual risk
● In-depth knowledge of security fundamentals, including OWASP Top 10 and other common application security vulnerabilities. The Web Application Hacker’s Handbook is a great resource to be familiar with.
● Familiarity with and ability to calculate CVSS ratings for identified vulnerabilities based on an understanding of each customer’s threat model.
● Familiar with vulnerability disclosure and bounty programs, including: report formatting and content, confidentiality and disclosure processes, the importance of clear and quick communication between hackers and customers, program policies, etc.
● Ability to prioritize and organize operationally complex work, with great attention to detail

NICE TO HAVES

● Security consulting experience, such as: vulnerability assessment, code review, and penetration testing
● 1+ years customer service or IT support experience
● Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
● CISSP, OSCP/E, GWAPT, GPEN, GXPN certification is helpful, but not a necessity
● Additional experience in IT, security engineering, system and network security, authentication and security protocols, and applied cryptography
● Bootrom assessment experience
● Experience with Dalvik/ART and Dex bytecode analysis

Company Name: Honeywell Technology Solutions Lab Pvt Ltd
Location: Bangalore
Designation/Role: Product Security Leader
Contact details of a responsible person or URL to submit a CV: [email protected]
or
https://honeywell.csod.com/ux/ats/careersite/1/home/requisition/218532?c=honeywell

Honeywell is a Fortune 100 company with global sales surpassing $40B and has been one of Fortune’s Most Admired Companies for over a decade. Through innovation the company brings together the physical and digital world to tackle some of the toughest societal and business problems – making the world a more productive, safe and sustainable place. The business is organized into five primary groups: Aerospace (including automotive); Building Technologies; Performance Materials and Technologies; Safety and Productivity Solutions; and the Connected Enterprise.
Honeywell Building Technologies (HBT) is a global leader with more than $5B revenue in developing products, software’s and technologies that are installed in more than 10 million buildings worldwide. Commercial building owners and occupants use our technologies to ensure their facilities are safe, energy efficient, sustainable and productive. Building Technologies is organized into 3 primary business groups: Building Products, Building Management Systems & Building Solutions.
Join a team that will be responsible for assessing and evaluating the cybersecurity posture of Honeywell's Building Technologies products and technologies.

Product Security Leader:

The Product Security Leader reports to the HBT Vice President of Cyber Security with matrix reporting to the GBE’s Leader of Engineering with a primary focal point of all cybersecurity matters related to products made for that GBE products and service offerings. This is a senior leadership & technical (non-supervisory) role.

Responsibilities & Tasks:

 Influence and grow the senior leadership team on good cyber practices and their role as a steward of the product cybersecurity program. 
 Govern and enforce the effective implementation of product security practices in NPI (New Product Introduction) projects
 Provide training, coaching, and expert consultation in cybersecurity to leadership and development teams
 Ensure adoption of Product Security initiatives and ACS standard components across the GBE product lines
 Enable GBE leadership team to understand cyber risk and resource needs planning Act as the focal point for the GBE’s critical customer cybersecurity issues (PSIRT), product security compliance, and external security certifications
 Review and approve mandatory product security activities for the GBE’s Product Approval Committee (PAC)
 Institutionalize practices for identifying and quantifying product and portfolio product security risks
 Participate in HBT Software Security Group providing input on cyber policies, risk management, processes, technology development and strategy
 Maintain and report product security metrics of GBE’s products through their development life cycle for continuous improvement
 Monitor external security sources for vulnerabilities which impact GBE’s products Interface with Legal and Marketing Communications group to manage communications of security vulnerabilities in GBE’s products
 Review and approve security notifications to inform customers of urgent security issues which may impact their Honeywell products 
 Coordinate and track remediation of product security incidents
 Specific Skillsets Required (if any) : Product security, architecture level security concepts, incorporating cyber into software development and related programs.

Additional Responsibilities:

 Interface with Legal and Marketing Communications group to manage communications of security vulnerabilities in GBE’s products
 Review and approve security notifications to inform customers of urgent security issues which may impact their Honeywell products
 Coordinate and track remediation of product security incidents

Basic Qualifications:

 Bachelor's degree in Computer Science or Electrical Engineering or similar discipline with an emphasis on electronic system security or cybersecurity
 Excellent communication and leadership skills
 2+ years Technical leadership experience in the software cybersecurity field
 3+ years Familiarity with Cloud-based applications, PC/server-based software, mobile applications, and embedded software in the Automation and Control Systems domain
 4+ years with incorporating cyber into software development and related programs.  Strong knowledge of secure software development lifecycle and practices such as threat modeling, security reviews, penetration tests, and security incident response
 Understanding of security by design principles and architecture level security concepts  Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities

Additional Qualifications:

 Certifications in security and privacy demonstrating deep practical knowledge such as CSSLP or CISSP preferred 
 Master's degree in Computer Science, Electrical Engineering or similar discipline with an emphasis on electronic system security & Background in systems engineering

Company Name: NotSoSecure India Pvt Ltd
Location: Remote (India)
Title: Security Consultant

Responsibilities:

● Work individually or as a part of team delivering security assessments to NotSoSecure clients both remotely and onsite
● Perform web application penetration testing, infrastructure penetration testing, code reviews and/or mobile application penetration testing
● Exploit vulnerabilities identified in client systems
● Create assessment reports explaining technical and business risk of the vulnerabilities discovered including remediation recommendations for the clients
● Communicate vulnerabilities to clients
● Manage project related tasks as per communicated deadlines
● Keep abreast with latest technology risks and utilize them in projects
● Participate in project conference calls and lead the technical content on those calls

Key Skills and Requirements:

● Client facing consulting work experience performing penetration testing
● Strong technical skills in the areas of web application and web services penetration testing, infrastructure penetration testing and mobile apps penetration testing
● Experience with penetration testing tools and tool suites such as Burp Suite Pro, NetSparker, Kali Linux, SQLMap, Nessus, etc
● Programming language skills such as Java, .NET, C or C++ (nice to have)
● Experience working with at least one scripting languages such as Python, Ruby, Bash, JavaScript, etc.
● Operating systems skills such as Windows, Linux etc
● Excellent English language skills and ability communicate complex vulnerabilities to clients
● Spending time practicing skills on platforms such Hack the Box, Pentester Lab, Vulnhub, etc. and participating in CTF competitions
● Demonstrate high ethical standards
● Ability and Desire to travel up to 25% of the time (both nationally and globally)

Contact: [email protected]


Company Name: NotSoSecure India Pvt Ltd
Location: Senior Security Consultant
Title: Security Consultant

Responsibilities:

● Work individually or as a part of team delivering security assessments to NotSoSecure clients both remotely and onsite
● Perform web application penetration testing, infrastructure penetration testing, code reviews and/or mobile application penetration testing
● Exploit vulnerabilities identified in client systems
● Create assessment reports explaining technical and business risk of the vulnerabilities discovered including remediation recommendations for the clients
● Communicate vulnerabilities to clients
● Manage project related tasks as per communicated deadlines
● Keep abreast with latest technology risks and utilize them in projects
● Participate in project conference calls and lead the technical content on the call
● Support sales team during business development calls
● Participate in scoping efforts
● Provide technical mentorship to junior team members
● Contribute to the security industry through presentations, whitepapers and/or research

Key Skills and Requirements:

● 3+ years of experience in Information Security focusing on penetration testing
● 2+ years of client facing consulting work experience performing penetration testing
● Strong technical skills in the areas of web application and web services penetration testing, infrastructure penetration testing and mobile apps penetration testing
● Experience of code review in at least one programming language
● Familiarity with public cloud platforms such as AWS, Azure and Google Cloud Platform
● Programming language skills such as Java, .NET, C or C++ (nice to have)
● Experience working with at least one scripting languages such as Python, Ruby, Bash, JavaScript, etc.
● Strong operating systems skills such as Windows, Linux etc.
● Excellent English language skills and ability communicate complex vulnerabilities to clients
● Produced research papers, delivered presentations, and/or contributed to blogs
● Demonstrate high ethical standards
● Ability and Desire to travel up to 25% of the time (both nationally and globally)

Contact: [email protected]


Company Name: NotSoSecure India Pvt Ltd
Location: Principal Security Consultant
Title: Remote (India)

Responsibilities:

● Lead complex and long-term client engagements
● Deliver NotSoSecure consultancy services to the highest level of standards
● Perform web application penetration testing, infrastructure penetration testing, code reviews and/or mobile application penetration testing
● Act as a subject matter expert in one of the assessment areas
● Create and deliver trainings at conferences as well as private clients
● Lead research projects within the company
● Participate in project conference calls and lead the technical content on the call
● Support sales team during business development calls
● Participate in scoping efforts of specialized projects
● Provide mentorship to other consultants
● Perform review of deliverables, blog posts and whitepapers
● Contribute to the security industry through presentations, whitepapers and/or research

Key Skills and Requirements:

● 6+ years of experience in Information Security
● 4+ years of client facing consulting work experience performing penetration testing
● Strong technical skills in the areas of web application and web services penetration testing, infrastructure penetration testing and mobile apps penetration testing
● Experience of code review in at least two or more programming languages
● Familiarity with public cloud platforms such as AWS, Azure and Google Cloud Platform
● Programming language skills such as Java, .NET, C or C++ (nice to have)
● Experience working with at least one scripting languages such as Python, Ruby, Bash, JavaScript, etc.
● Strong operating systems skills such as Windows, Linux etc.
● Produced research papers, delivered presentations, and/or contributed to blogs
● Excellent English language skills and ability communicate complex vulnerabilities to clients ● Demonstrate high ethical standards
● Ability and Desire to travel up to 25% to 50% of the time (both nationally and globally)

Contact: [email protected]

Company Name: OPPO
Location: Mumbai, India ; Shenzhen, China
Designation/Role: Internet Service Security Operations Engineer

Job Description:

1. Responsible for security vulnerability report assessments;
2. Responsible for security testing of internet services in India region;
3. Responsible for brand promotion of OSRC in India and Southeast Asia;
4. Responsible for security testing of regional internet services in India;
5. Technical communication support and project implementation of security products or services with local Indian security companies.

Job Requirements:

1. Bachelor degree or above, two years of working experience in security related;
2. Experience in common penetration testing methods, including Web, APP, etc;
3. Fluent in written and verbal English, willingness to work onsite between China and India under different cultures;
4. Willingness to learn Chinese , ability to speak Chinese is preferred.

Please send resume to [email protected] and indicate [CV] in the email header.

Company Name: Secfence
Location: New Delhi
Designation/Role: Vulnerability Researcher

About Secfence:

Secfence is a product-based Information Security company based out of New Delhi. We take pride in counting all major Indian Government & Defense organizations as our customers. We’re a high growth organization and are expanding internationally as well!

We promise the opportunity to work with super-friendly and hardcore-tech developers and hackers, including a great work environment & benefits.

Secfence is looking for individuals passionate about Reverse Engineering, Vulnerability Discovery and Exploit Development to join our Team.

This is a full-time position based out of New Delhi. Multiple openings.

Must-Haves:

• Prior experience of IDA-Pro, R2 or similar reverse engineering tools.
• Experience in binary diffing/patch analysis.
• Fluent in C/C++ and at least one of: Intel/MIPS/ARM assembly code.
• Knowledge of scripting languages, such as Python, Ruby, JavaScript etc.
• Minimum 1 year of proven experience with vulnerability research/exploit development.
• Ability to correctly understand/identify vulnerabilities in C/C++ source and at least one architecture’s assembly language.
• Significant expertise on the internals of at least one platform (Windows / Android / iOS / MacOS / Linux).
• Understands modern vulnerability classes and exploit mitigation techniques and how to defeat the most widely proliferated of those techniques.

Good to have:

• Has implemented fuzzing techniques and/or solvers to identify vulnerabilities.
• Experience implementing robust binary instrumentation on at least one target platform.
• Userland/Kernel/Systems Development Experience in any of Windows / Android / iOS / MacOS / Linux.

Notes:

• We do not prioritise or require any formal academic qualifications.
• While considering “Proven Experience” Practical Experience > Industry experience.

Company Name: SpellSecurity Pvt Ltd
Location: Bangalore or Chennai

SpellSecurity Research Lab (https://www.spellsecurity.com/spelllabs) is looking for a senior R&D Engineer in Threat Research. This is a key contributor position with good growth potential. We offer excellent pay package for the right candidate.

Responsibilities:

Research advanced malwares and exploits. Research APT groups
Research OS and application internals and vulnerabilities
Take part in breach investigations and threat hunting
Develop content and models for threat detection and hunting
Contributed to our threat intel reports and platform
Write research papers

Requirements:

B-tech or M-tech From reputed university
2-10 year experience in malware or exploit research or forensics
Good understanding of tools of the trade IDA Pro, Debuggers etc.
c++, Assembly and python programming
Excellent communication skills

Send applications to [email protected]

Cyber Threat Researcher

Volon Cyber Security is boutique Information security organization working in the field of Cyber Threat Intelligence.

We require a strong candidate who is able to monitor and report cyber threat activity by utilizing their analytical skill set.

Candidate must be self-learner and should be able to work independently with minimal assistance and available online resources and should be flexible to travel nationally and internationally for project delivery.

Responsibilities:

 Monitor the online cybercrime underground space and cyber-criminal activities, in both Clearnet & Darknet.
 Identify and evaluate new data sources informing the Cyber Crime activities.
 Writing the research reports and end customer deliverable
 Using advanced open source intelligence (OSINT) on the surface, deep, and dark web to identify indicators of malicious activity targeting our customer and/or related organizations.

Skills required:

 Strong Computer fundamentals
 Interested in cyber-crime research & have can-do attitude.
 Good analytical skills
 Certification of CEH, OSCP and other cyber security is plus but not necessary
 Avid user of forums, IRC, Jabber, Discord, Telegram etc.
 Knowledge of tools such as SQLMap, BurpSuite, Metasploit
 Must have experience in vulnerability assessment & penetration testing.
 Should have knowledge of cyber threats, malwares, APTs, exploits etc
 Familiarity with the DarkNet, DeepWeb, and other sources of cyber-criminal activity.
 Must be interested to learn new technologies and skills.
 English-language fluency.
 Programming knowledge would be add-on

Language Proficiency:

English/Hindi/any Other international language such as Arabic, Russian, Japanese, Chinese, German, Italian is plus.

Desired Experience:

0-2 years


Technical Content Writer

Volon Cyber Security is boutique Information security organization working in the field of Cyber Threat Intelligence.

We require a strong candidate who is able to monitor and report cyber threat activity by utilizing their analytical skill set.

Candidate must be self-learner and should be able to work independently with minimal assistance and available online resources and should be flexible to travel nationally and internationally for project delivery.

Responsibilities:

 Write, publish, and maintain technical content, including security blogs & technical reports on cyber threats.
 Suitably understand the underlaying reporting requirements based upon customer needs
 Work with research team to understand the threat landscape and prepare timely reports for threat intelligence products.
 Research on Open Source Blogs/News to identify threat activity reporting by industry peers and prepare summarized reports.
 Manage multiple competing priorities in a fast-paced and constantly changing environment.

Skills required:

 Strong Computer fundamentals
 String Cyber Security Fundamentals
 Interested in cyber threat analysis and passionate to learn new technologies/concepts.
 Good analytical skills
 English-language fluency.
 Excellent writing skills, oral communication, and grammar skills.

Language Proficiency:

English/Hindi/any Other international language such as Arabic, Russian, Japanese, Chinese, German, Italian is plus.

Desired Experience:

0-4 years

Security Researcher

You’re missing the freedom to create your dream and the opportunity to make an impact. When you join xen1thLabs, you’ll find that freedom and plenty of opportunities to immediately make an impact. xen1thLabs has several open positions for security researchers in the domains of Crypto, Hardware, Software and Telecom. Positions are available at all levels (Junior, Senior, Lead, and Principal) and will be determined based on the applicant’s experience.

As Security Researcher, you will:

 Work on medium to large security projects
 Analyze applications, devices, protocols, and crypto systems to understand how they work, where they have weaknesses and demonstrate how identified vulnerabilities can be exploited by developing Proof-of-Concepts
 Assist management with certain requests
 Deliver security reports by performing security audits
 Nurture relationships with all clients
 Improve testing methodologies
 Perform technical QA on security reports
 Scope security assessments
 Develop custom scripts for vulnerability discovery during projects
 Write comprehensive security assessment reports for developers and upper management
 Produce accurate security advisories to vendors, bug bounty programs or publish full analysis report and Proof-of-Concepts on our GitHub / blog or through our publications, present at conferences or create white papers
 Join a diverse team of passionate security experts as a valued member
 Work in a lab environment with cutting edge equipment
 Enjoy all the cultural, educational and travel opportunities Abu Dhabi offers
 Be responsible for development and delivery of high performance implementations for CPU, GPU, and FPGA architectures
 Evaluate and assess weaknesses in information security systems ranging from single cryptographic primitives to complex protocol analysis, from classical ciphers to the newest lightweight and post-quantum schemes as well as distributed ledgers
 Be involved in the analysis of cryptosystems developed within Digital 14 products and collaborate with world-class teams of software, hardware, network, and telecommunication engineers
 Implement mathematical and statistical models to solve data security problems
 Conduct and leverage research in practical cryptanalysis and implementations
 Mentor and coach colleagues in your area of expertise

What you’ll need:

 BS/MS/PhD in Electrical Engineering, Computer Science, Computer Engineering, Math or the equivalent in experience and evidence of exceptional ability or obtained relevant security certifications
 4+ years of experience in Security Research and Professional work or practical cryptanalysis
 Proficient in one or more assembly languages (x86/64, ARM, etc…)
 Expertise in one or more scripting languages (e.g., Python, GO or Ruby)
 Foundation in computer architecture, network, web technologies, Operating Systems or embedded systems
 Understanding of cryptography, protocol analysis, threat modeling, vulnerability research and fuzzing
 Experience of working with secure coding methodology, best practices and their implementation within engineering teams
 Proven participation in responsible disclosure of vulnerabilities, blog, Capture the Flag events, presented at known security conferences and Bug Bounty programs would be an advantage
 Strong foundations in computer architecture, network, web technologies, Operating Systems or embedded systems
 Excellent written and verbal communication skills; including the ability to convey highly technical information to non-technical audiences
 Team spirit and passion for working with a diversity of bright minds to achieve groundbreaking research and development

For the Crypto lab:

 Comprehensive experience with high performance computing and algorithm runtime analysis
 Deep understanding of state-of-the-art cryptographic primitives and protocols
 Knowledge about implementation attacks and proven ability to provide proof-of-concepts
 Extensive experience developing in various programming languages (Python, C/C++, Assembly, OpenCL) and frameworks (e.g. CUDA, parallel computing)
 Experience in programming FPGAs in VHDL/Verilog would be considered a plus
 A passion for solving complex puzzles

For the Hardware lab:

 Comprehensive understanding of the security challenges for IoT devices
 Deep understanding of various hardware security vulnerabilities, threats and attack vectors on different IoT devices, reverse engineering and mitigation techniques
 Experience in hardware security assessment, exploitation of debug features (like UART/JTAG/I2C), memory dumping, code reverse engineering, and the relevant mitigation techniques for various classes of vulnerabilities
 Deep understanding of consumer electronics, hardware security, applied cryptography, threat modeling, vulnerability research
 Strong foundations in computer architecture, firmware/UEFI, secure boot, operating systems, TEE, and embedded systems
 Experience in SCADA and Industrial Control Systems security research and security assessment
 Comprehensive understanding of PLC, RTU, IED, PID, HMI, DCS and relevant protocols like HART, PROFIBUS
 Deep understanding of various hardware security vulnerabilities, threats and attack vectors on different SCADA environments, reverse engineering and mitigation techniques
 Experience in embedded security research and security assessment
 Comprehensive understanding of security assessment methodologies, like CC/EMVCO, and NIST/FIPS
 Deep understanding of smart cards, embedded security, applied cryptography, threat modeling, and vulnerability research
 Strong foundations in signal processing, statistics, and embedded systems
 Expertise in VHDL/Verilog would be an advantage
 Proven hands-on expertise in one or more of the following are an advantage:
o EM/Power/timing side-channel analysis,
o Micro-architectural side-channel analysis (SPECTRE/MELTDOWN/FORESHADOW),
o EM/Laser Fault Injection,
o Voltage/clock glitching
o Software-based fault injection (ROWHAMMER)

For the Software lab:

 Deep understanding of various software security vulnerabilities, threats and attack vectors on different environments, and reverse engineering
 Research experience in software and/or devices such as Operating Systems, ICS, smart cards, web servers, Smartphones, email servers, web applications, clients and readers etc.
 Software development experience in at least three of these languages: C/C++, C#, Java, JavaScript, PHP, Objective C)
 Foundation in iOS/Android development of native, web and hybrid apps
 Familiarity with iOS or Android Internals on Application as well as OS/kernel level such as IPC (Mach, XPC), Code Signing, Sandboxing, dyld shared cache etc
 Understanding of the latest security mitigations such as PAC, PPL, and CoreTrust
 Experience in identifying zero-days, malicious code including memory corruption bugs, for example: stack overflows, heap overflows, integer overflows, and logic flaws
 Understanding of various software security vulnerabilities, threats and attack vectors on different environments, reverse engineering and mitigation techniques
 Experience in binary analysis, debugging and exploit development and the relevant mitigation techniques for various class of vulnerabilities

For the Telecom lab:

 Powering through reverse engineering and/or long specifications (e.g. WiFi) of protocols
 Interest particularly in protocols widely deployed but still without much security review
 Ability to recognize typical weaknesses in unknown protocols, in various classes of vulnerabilities (jamming, spoofing, replay, relay, PHY reverse engineering, etc)
 Creativity to devise new attacks definitely a plus
 Proven participation in responsible disclosure of vulnerabilities, blog, Capture The Flag, known security conferences and bug bounty programs would be advantageous

Copyright © 2019-20 | Nullcon India | International Security Conference | All Rights Reserved