Senior Security Researcher Ref. 407

Engineering
£42,040 and £45,188 Plus up to a £5,000 welcome package*
HMGCC has a unique and exciting opportunity for a Senior Security Researcher to join our growing team to secure our products.

HMGCC aspires to be the best place you'll ever work - we'll invest heavily in your career development through technical training programmes, professional accreditation, mentoring and on­ the-job training.

Our work is hugely varied providing many intellectual challenges following a Red Team Approach to assess our products for vulnerabilities and secure them before they are released into the field. Project time scales range from a couple of weeks to a few months. We secure a wide variety of technologies and therefore need versatile and passionate people to tackle new problems as technologies continues to advance. At HMGCC you'll see how your work can really make a difference.


Technical skills

We need you to already have experience to:

• find vulnerabilities in hardware, firmware or software using static or dynamic analysis
• code audit against vulnerability bug classes
• use Ida Pro (or a similar disassembler) to reverse engineer binary files
• debug software and analyse its interaction with operating systems
• read and deeply comprehend one or more instruction sets {x86, ARM, MIPS etc)
• produce proof-of-concepts to demonstrate an identified vulnerability using an appropriate language
• provide detailed analysis to the design team on how the vulnerability can be mitigated

The following are desirable and would strengthen your application:

• Credited for one or more CVE's
• Have relevant certification from EC Council, GIAC, CREST or CHECK
• Experience in using Penetration testing tools
• Experience of Digital Forensics


Personal Skills

To work as a Security Researcher you will be the type of person who:

• Is technically curious, likes to take things apart to learn how they function
• Has excellent problem solving abilities and has the ability to adapt to unplanned changes, overcoming obstacles and seeing tasks through to completion
• Takes pride in being the 'go to person', establishing your credibility equally with technical peers and non-technical end users
• Values the opportunity of leading others to the right outcome, being able to manage any tensions between the end user and engineering worlds
• Personally enjoys actively maintaining your technical knowledge, making sure that you keep up with all the latest developments
• Enjoys working with a range of experts, knowing when to draw on their expertise to help you deliver project requirements
• Feels confident with uncertainty, helping others to reduce and manage ambiguity around potential ways forward
• Is able to communicate detailed technical information to a wide range of audiences including non-technical staff
• Is able to think through issues logically and find appropriate solutions; knowing when to refer issues to others, and draw on expertise


Putting your skills to use

With a strong interest in technology and a fascination in writing code to 'make things happen' you will be given autonomy to explore and experiment. You will apply yourself to secure our products by:

1. Performing Vulnerability Research against our products, document your findings and where applicable provide proof-of-concepts to demonstrate a vulnerability, and then provide a practical mitigation for our product team to secure it.
2. Contribute to project planning and meetings.
3. Supervise or mentor less experienced engineers.


The Process

Firstly, you will need to complete two aptitude tests to assess your logic and problem solving skills, and then complete a simple application form. Short listed candidates will be invited to attend a technical interview. You will be asked to bring to the interview some printed material to enable you to discuss a publicly known vulnerability and how it could be mitigated - you should spend no longer than one hour to prepare this material.

If you are successful at this stage, you will be invited back for a second stage interview.

You will play an integral part in ensuring that our Governments communication systems in the UK and around the globe are reliable and totally secure. In return we will offer you a positive and creative environment to work in and give you all of the tools and training to develop and be the best that you can be.

To find out more about HMGCC and how we are truly individual both as an organisation and an employer visit 'about us'.


*If you are relocating to the area then we can discuss the possibility of a relocation package.

*Please note dependent on the recruitment requirements, we withhold the right to bring forward the closing date for this role from the original closing date.

This Program / Vacancy is closed to applications.