Security Researcher II (Vulnerability Research)

About the role

We are seeking a mid‑level Vulnerability Researcher to join our security research team. You will audit code, analyse complex systems and uncover security flaws across mobile, web, native applications and IoT devices. The role focuses on finding, validating and documenting vulnerabilities through source‑code review, program analysis and research‑driven investigation.

Key responsibilities

• Audit source code to identify security issues in mobile, web, backend, API, native, embedded and IoT environments.
• Analyse applications written in diverse languages, frameworks and technology stacks.
• Identify vulnerability classes such as memory corruption, logic flaws, authentication/authorisation errors, injection, insecure deserialization, cryptographic misuse, race conditions, sandbox escapes and privilege escalation.
• Perform static and dynamic analysis to validate findings, assess exploitability and determine impact.
• Develop clear proof‑of‑concepts to demonstrate vulnerabilities safely.
• Use and adapt security research tooling – debuggers, fuzzers, instrumentation frameworks, test harnesses and custom scripts.
• Design targeted test cases or fuzzing strategies for parsers, APIs, protocols, IPC interfaces and file formats.
• Research emerging technologies, platforms, vulnerability classes and attacker techniques.
• Document findings with technical root cause, impact, reproduction steps, exploitability analysis and remediation guidance.
• Collaborate with engineers, product and security teams to communicate risk and improve software security.
• Contribute to internal tools, automation, research notes and knowledge‑sharing materials.
• Present research internally and, when appropriate, contribute to external publications, advisories, blog posts or conference material.

Required profile

• 3–5 years of experience in vulnerability research, application security, offensive security, secure code review, penetration testing, exploit development or a related technical security field.
• Strong ability to read, understand and audit code in multiple programming languages.
• Comfortable approaching unfamiliar languages, frameworks and platforms with a research mindset.
• Good understanding of common vulnerability classes across web, mobile, API and cloud‑connected environments.

Required skills

• Static analysis
• Dynamic analysis
• Reverse engineering
• Debuggers
• Fuzzers
• Instrumentation frameworks
• Test harness development
• Custom scripting
• Exploit development
• Code auditing across multiple languages