Senior Systems Security Engineer and Vulnerability Researcher
Senior Systems Security Engineer and Vulnerability Researcher
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
$ 175000 - 240000
1 Vacancy
Job Description
We are seeking an experienced Senior Systems Security Engineer & Vulnerability Researcher with deep expertise in OS security container security hypervisor security and process sandboxing. The role requires robust offensive security skills in identifying and exploiting vulnerabilities particularly within the Internet Computer (IC) platform and its environments.
The ideal candidate will conduct thorough security research perform vulnerability assessments develop exploits and continuously monitor/improve security posture of the IC platform.
This is a hybridonsite position (onsite 3x per week) based out of our new office in the heart of San Francisco.
Key Responsibilities:
Hypervisor & Virtualization Security
- Research and mitigate security risks in QEMUbased virtualization VM isolation and guesttohost escape vulnerabilities.
- Analyze attack surfaces within virtual machines hypervisors and interVM communication mechanisms.
- Develop and test exploit techniques targeting hypervisor weaknesses sidechannel leaks and container escapes.
- Design and enhance secure VM models and Trusted Environments (TEE) using AMD SEVSNP to enforce strong VM isolation protect workloads from compromised hypervisors and ensure memory confidentiality and integrity.
Operating System & Process Isolation Security
- Strengthen Linux OS security including process isolation sandboxing and syscall filtering.
- Improve Mandatory Access Control (MAC) policies (SELinux) to enforce stricter access controls.
- Research and refine sandboxing strategies to contain untrusted processes. Assess process sandboxing techniques to contain untrusted
- Identify and mitigate kernel privilege escalation vectors particularly in containerized and virtualized environments.
Vulnerability Research & Exploit Development
- Perform reverse engineering binary analysis and fuzzing to uncover vulnerabilities across OS hypervisor and VM layers.
- Develop proofofconcept (PoC) exploits to validate security threats and recommend mitigation strategies
- Analyze and improve secure boot mechanisms firmware security and disk encryption strategies for virtualized environments.
Security Hardening & Mitigations
- Work closely with engineers to design and implement hypervisor and VM security mitigations.
- Research and propose hardened runtime environments that defend against modern attack techniques.
- Track emerging threats in virtualization security container security and OS sandboxing.
Red Team Strategy &
- Lead and design sophisticated Red Team operations targeting Internet Computer Protocol governance subnets nodes and system dApps.
- Develop adversary emulation plans to test both platform and infrastructure defenses identifying weaknesses before they can be exploited.
Requirements:
- Deep understanding of Linux security internals including kernel attack surfaces syscall security privilege separation and process isolation
- Expertise in QEMU/KVM security including guesttohost escapes hypervisor hardening and VM isolation techniques.
- Handson experience analyzing hypervisorlevel attacks VM escape techniques and virtualization security mitigations.
- Understanding of sidechannel vulnerabilities (e.g. Spectre Meltdown L1TF MDS) affecting virtualization environments.
- Proficiency in Trusted Environments (TEE) and secure virtualization with a focus on QEMU and AMD SEVSNP for workload confidentiality and integrity.
- Experience with reverse engineering tools (Ghidra IDA Pro Binary Ninja binwalk) and fuzzing frameworks.
- Skilled in adversary emulation lateral movement techniques privilege escalation and exfiltration tactics.
- Expertise in securing containerized environments including Kubernetes security container hardening and runtime protection.
Base Salary Range: $175000 $240000/yr
This position can be considered across multiple levels. Total compensation at DFINITY consists of base salary generous bonus and is determined based on multiple factors including job leveling areas of expertise educational background geographic location and overall experience.
In addition to the cash components of our offers we have generous benefits including top tier medical dental and vision insurance; disability insurance; life insurance; 401(k); flexible PTO policy in addition to paid holidays.
About DFINITY and the Internet Computer:
Join our team of over 250 talented individuals including worldrenowned cryptographers distributed systems engineers programming language experts and industry leaders who are shaping the future of the internet and web3.
All qualified applicants will receive consideration for employment without regard to race color religion gender gender identity or expression sexual orientation national origin genetics disability age or veteran status.
Required Experience:
Senior IC
Employment Type
Full-Time
