1. The main focus is research into undiscovered (0-day) vulnerabilities in different IT scenarios, such as operating systems (Windows/Linux), cloud native (k8s/Docker), network devices (router/switch/firewall/VPN), and endpoint management (VMware Workspace ONE/IPMI).
2. Deliver exploit code and plugins for the vulnerabilities.
3. Conduct red team engagements in different scenarios, such as IDC networks, office environments, and cloud, to emulate APT adversaries.

Requirements:

Bachelor's degree in Computer Science, Engineering, or related fields.
More than 5 years of relevant work experience.
Extensive experience writing standalone PoCs for infrastructure vulnerabilities. For example, writing stably triggered exploit code based on a known PoC or vulnerability description.
Extensive experience with common vulnerability classes such as buffer overflows, command injection, and insecure deserialization.
In-depth understanding of modern security mitigations and how to bypass them (e.g., stack cookies, SafeSEH, DEP, ASLR, CFG, and so on).
In-depth understanding of the security mechanisms of Windows/Linux systems; familiar with offensive techniques in ring0/ring3.
Strong skills in vulnerability analysis, fuzzing, reverse engineering, and/or advanced exploitation techniques; familiarity with tools such as IDA Pro, OllyDbg, WinDbg, GDB, Burp Suite, etc.
Experience with Python, Go, or Java. Development ability is important for understanding and extending exploit techniques.
Good communication skills and an effective teamwork spirit, with good professional ethics.
Self-starting, with the ability to learn fast.

Preferred Experience:

Experience in pentesting and red teaming; familiarity with kill chains in the ATT&CK Framework (for example: initial access, Windows AD testing, lateral movement).
Track record of bug bounty awards, CVEs, public security articles, security conference talks, starred GitHub projects, etc.
Experience in performing APT offensive and defensive