Browser Vulnerability Researcher

WHO ARE WE?

Searchlight Cyber was founded in 2017 with a mission to stop threat actors from acting with impunity. Its External Cyber Risk Management Platform helps organizations to identify and protect themselves from threats emerging from the cybercriminal underground, with Attack Surface Management and Threat Intelligence tools designed to separate the signal from the noise.

It is used by some of the world’s largest enterprises, government and law enforcement agencies, and the Managed Security Service Providers at the forefront of protecting customers from external threats.

Find out more at www.slcyber.io.

ABOUT THE POSITION

As part of our commitment to protecting society from the threats from organized crime, terrorism and national security threats, we are seeking a highly skilled Browser Vulnerability Researcher to join our research and innovation team, focusing on identifying and mitigating vulnerabilities in Mozilla Firefox.

As a Browser Vulnerability Researcher focusing on Firefox, you will play a critical role in identifying, analyzing, and mitigating security vulnerabilities within the browser. You will be responsible for performing deep technical research to discover new vulnerabilities, working closely with developers to implement fixes. You must have demonstrable experience in browser exploitation, finding RCEs and sandbox escapes, along with familiarity with bypassing Windows mitigations.

Key Responsibilities:

• Vulnerability Research & Discovery:Conduct thorough research to discover and analyze new security vulnerabilities within the Firefox browser, including but not limited to memory corruption, sandboxing escapes, privilege escalation, and code execution vulnerabilities.
• Exploit Development:Develop proof-of-concept exploits to demonstrate the impact of discovered vulnerabilities, and collaborate with the development team to create effective patches.
• Security Testing:Utilize advanced tools and techniques for static and dynamic analysis, fuzzing, and manual code reviews to uncover hidden security flaws.
• Documentation:Maintain detailed documentation of research methodologies, findings, and vulnerability reports, ensuring clarity and completeness.
• Continuous Learning:Stay up-to-date with the latest trends, tools, and techniques in the field of browser security and vulnerability research.

Qualifications:

• Educational/Experience:No formal education/experience is required, but you must be able to demonstrate that you have previously found and exploited firefox and are familiar with the techniques, tools and approaches for finding new vulnerabilities.
• Technical Skills:
  • Deep understanding of web technologies (HTML, JavaScript, CSS) and browser architectures (e.g. spidermonkey).
  • Proficiency in C/C++ and scripting languages such as Python.
  • Experience with reverse engineering tools, debuggers, and fuzzing frameworks (e.g., AFL, LibFuzzer).
  • Familiarity with common security vulnerabilities (e.g., buffer overflow, type confusions, etc) and exploitation techniques.
  • Knowledge of security features such as sandboxing, ASLR, and CFG.
  • Soft Skills:
    • Strong analytical and problem-solving skills.
    • Ability to work independently as well as in a collaborative environment.
    • Excellent written and verbal communication skills.
    • Attention to detail and a commitment to high-quality research.

WHAT’S IN IT FOR ME?

Job satisfaction; working for a company that is genuinely making people's lives better and helping to reduce the impact of internet based crime. You will have the opportunity to grow your career with the company in a very exciting industry.

On top of a generous salary in line with your experience, you’ll receive a great benefits package, a learning and development plan to help ensure your career always moves in the right direction and enter into a company wide bonus scheme.

You’ll be challenged with interesting projects that will help you think outside the box and have plenty of opportunities to learn and practice new skills. You’ll be a key member of the team, directly contributing to our customer and supplier relationships and helping business goals. We believe in training & development, having fun and a great work life balance.

Your benefits package will include:

• 25 days holiday plus bank holidays
• Entry into company pension scheme
• Private healthcare from Axa, including dental and vision coverage
• We offer both TechScheme and Cycle2Work
• Comprehensive training and support to develop your career, including a training budget
• A range of office perks, including free fresh fruit daily, a bean to cup coffee machine and more
• Regular team building and reward events

INTERVIEW PROCESS

• Screening Call with our Talent Manager
• Face to face interview with line manager and senior management
  • We’d love to meet you in person for an interview, but are happy for a video call too!
• Offer and onboarding