This exciting opportunity is a full-time, permanent position with Converge. We are seeking a highly skilled Offensive Security Researcher with a deep understanding of vulnerability discovery and exploit development. The role focuses on identifying previously unknown (zero-day) vulnerabilities in commercial and open-source software, creating proof-of-concept (PoC) exploits, and working closely with external third parties to mitigate risks. You will be at the forefront of cybersecurity research, analyzing software systems, reverse engineering code, and crafting innovative offensive techniques to identify emerging threats.
Key Responsibilities:
Conduct vulnerability research across various platforms and technologies (e.g., desktop applications, cloud services, IoT, mobile, embedded systems)
Use manual inspection, automated tools, and scripts to find vulnerabilities in software and hardware
Analyze and reverse engineer software to discover security weaknesses and undocumented features
Develop reliable and weaponized Proof-of-Concept (PoC) exploits for identified vulnerabilities
Work on fuzzing frameworks, custom tools, and scripts to automate vulnerability discovery
Collaborate with third parties to ensure timely vulnerability disclosure and patch development
Document research findings through technical write-ups, advisories, internal reports, and blogs
Stay up-to-date with the latest security trends, tools, and techniques, and apply them to ongoing research
Present findings at relevant conferences, webinars, and other public forums
Skills and Qualifications:
Advanced knowledge of modern programming languages
Familiarity with software security concepts, including vulnerability types (e.g., race conditions, privilege escalation, SQLi, XSS)
Experience in network protocol analysis, packet crafting, and penetration testing tools (e.g., Wireshark, Burp Suite, Metasploit)
Familiarity with static and dynamic code analysis tools and techniques.
Familiarity with emulator and virtualization technologies
Self-starter and requires minimal supervision
Strong communications skills (written and verbal)
Strong documentation skills required for deliverable development
Strong organization skills to effectively manage your own time, calendar and follow-ups
Experience:
3-5 years of hands-on experience in offensive security research, with a proven track record of vulnerability discovery and exploit development
Prior CVEs to your name
Strong experience with dynamic analysis and debugging tools such as WinDbg, gdb, Frida, etc
Experience with fuzzing methodologies and frameworks (e.g., AFL, libFuzzer, Peach, etc.)
Understanding of modern exploitation mitigations and bypass techniques (e.g., ASLR, DEP, CFG, CFI)
Preferred:
Experience contributing to open-source security tools or vulnerability databases
Certifications relevant to the role, such as the OSWE, OSED and/or OSEE
4-year college degree in Computer Science or Cybersecurity
Work Environment:
This position is remote within the United States.
Total Rewards:
We offer a comprehensive total rewards package that includes base salary, quarterly bonus, healthcare benefits, 401k match, company stock match program, PTO/holiday, training/development and so much more.
