🧐 Research Engineer

Who is Tenable? Tenable® is the Exposure Management company. 44,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. Our global employees support 65 percent of the Fortune 500, 45 percent of the Global 2000, and large government agencies. Come be part of our journey! What makes Tenable such a great place to work? Ask a member of our team and they’ll answer, “Our people!” We work together to build and innovate best-in-class cybersecurity solutions for our customers; all while creating a culture of belonging, respect, and excellence where we can be our best selves. When you’re part of our #OneTenable team, you can expect to partner with some of the most talented and passionate people in the industry, and have the support and resources you need to do work that truly matters. We deliver results that exceed expectations and we win together! Your Role: The Research Engineer will be involved with researching existing vulnerabilities, looking for new vulnerabilities, and developing checks/plugins to detect these vulnerabilities via our products. Your Opportunity: Works on advanced research and development initiatives Implements detection logic and scripts while minimizing false positives & false negatives Participates in detection logic discussions and the research of new methods for detection Helps other researchers on the team, when needed Develop detection scripts for Tenable’s sensors (Nessus vulnerability scanner and others) based on the research findings Keep abreast with the advancements and developments in the security industry and perform research to keep our customers secure Research and develop methods of detection for additional services and products from different vendors May perform other duties and responsibilities that management may deem necessary from time to time What You'll Need: B.S. degree in Computer Science or a related field, or equivalent work experience Good programming skills in at least one language Ability to operate independently with minimal supervision as well as collaborate and work with others as part of the larger research team Experience working with multiple operating systems (proficiency with Linux a must) Outstanding written and verbal communication skills Strong attention to detail and able to shift priorities as needed Willingness to explore and learn At least 2 years of R&D experience Ability to sit and work at a computer for extended periods of time Some travel may be required And Ideally: In depth understanding of common security vulnerabilities, CVSS scoring, vulnerability detection, exploitation and classification techniques Strong knowledge of networking services, common protocols, etc. Experience with search engines such as Shodan and Censys Some experience with pen-testing, researching, discovering, and publishing vulnerabilities Some reverse engineering experience including basic binary analysis, packet capture analysis, and firmware analysis (using binwalk). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb) Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and / or scripting languages One or more security related certifications (e.g. OSCP) Experience with systems administration and be comfortable working at the command line Understanding of common security vulnerabilities, vulnerability classification, detection and exploitation techniques Reverse engineering experience including binary analysis, packet capture analysis, and firmware analysis (using binwalk or other). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb) Experience with crash dump analysis and some exploit development In-depth protocol analysis and interaction. Knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing Some prior experience performing open-ended research when given high-level requirements and details of the desired output Experience with researching, discovering, and publishing vulnerabilities Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and scripting languagesSome experience writing blogs and whitepapers to showcase research as well as presenting at security conferences