Vulnerability Researcher Solera Networks
Solera Networks is a fast growing software development company based in South Jordan, UT. We have developed industry-leading Security Intelligence and Analytics Technology that is changing the face of network security, incident response, and network forensics. Solera Networks strives to attract, cultivate and retain exceptional talent. With offices in Utah, Washington DC, California, Japan, India, Australia and the UK, Solera Networks provides a global focus on today's network security challenges. If you are interested in a growth opportunity, we encourage you to apply.
Solera Networks is seeking a Vulnerability Researcher to lead practical research, analysis, and the development of proofs of concept of cyber-offensive techniques. This position will be responsible for conducting and devising forms of ethical hacking with the intent of discovering exploitable weaknesses in information systems, and with the ultimate goal of enhancing the industry?s detection, protection, and remediation capabilities. The Vulnerability Researcher will work closely with the Solera Networks Threat Research and System Engineering organizations, and will report to the CTO.
Penetration Testing / Ethical Hacking ? Devise and perform a variety of tests and attacks against a variety of targets to discover exploitable vulnerabilities. Create documentation of methodologies and techniques for the purpose of responsible disclosure to affected vendors and to the public. PenTesting targets will include CWS-maintained laboratory equipment, Solera?s IT infrastructure (in collaboration with the IT organization), and Solera customers (exclusively by engagement). The purpose of these tests is to validate the security and ensure the integrity of IT assets, and to demonstrate the use of Solera technologies in the detections and investigations of such activities.
Fuzzing and Vulnerability Development ? Conduct protocol fuzzing to find new unpublished vulnerabilities and turn them into proof of concepts for the purpose of product improvements. Additionally, turning known vulnerabilities that have no proof of concepts into working proof of concepts. Creating new custom attacks and techniques to attempt to circumvent detection methods and validate the effectiveness of the products.
SCADA Research - Provide a level of expertise on SCADA technologies and on attacks against critical infrastructure. Build out model SCADA networks for demonstration and training purposes, and to demonstrate how such attacks might be detected and defended against.
Threat Research ? Collaborate with Threat Researchers in gaining access to repositories and black-market applications that may prove difficult to obtain or find. Attend conferences and events to learn new trends, attacks, and techniques to be used for product improvements.
Scripting - Create a variety of scripts to assist the current vulnerability researcher and other employees in making certain tasks easier and more efficient. Additionally, provide a level of training on scripting and how to write these scripts for automation of some tedious tasks.
Training ? Collaborate with the Training organization to develop technical training in the areas of penetration testing techniques and methods, SCADA infrastructure and attacks, and threat detection and investigation.
5+ years experience performing penetration testing
Working knowledge of ICS/SCADA protocols and systems
Proficient in protocol fuzzing using BT5/OWASP type-tools and commercial tools
Highly proficient in TCP/IP networking and Linux
Skilled in one or more programming/scripting languages, with a preference for Python
Able to travel up to 30% of the time
Strong problem solving skills along with excellent verbal and written communication skills
Ability to effectively interface with stakeholders across the enterprise
BA/BS or higher (degree in technical field preferred)
Candidates must be authorized to work in the US as permanent residents
Candidate may work from Solera HQ or remotely
||South Jordan, UT |