Cleared Vulnerability Research Engineer

Job Summary

As a Exploit Development Specialist, you will focus on end‑to‑end exploit development for real‑world targets. You design, develop, and validate novel vulnerability discovery and exploitation capabilities against complex software and systems at the operating system, binary, and micro‑architectural levels. Success requires translating an under‑defined mission objective into a concrete, technically novel capability while operating with minimal supervision.

• Design, develop, and validate novel vulnerability discovery and exploitation capabilities.
• Conduct expert reverse engineering of binaries (x86‑64, ARM
  64, etc.) using industry‑standard tools.
• Identify and exploit real‑world vulnerabilities such as use‑after‑free, type confusion, integer truncation, and buffer overflow.
• Discover new, novel vulnerabilities in complex systems.
• Understand current vulnerability research and apply findings to identify new instances of vulnerability classes.
• Employ both manual analysis and automated techniques (e.g., fuzzing) for vulnerability discovery.
• Code and debug complex functions in C, Python, and Assembly (x86‑64, ARM, etc.).
• Independently manage and execute research objectives, including scoping, research, experimentation, validation, and iteration.
• Travel to customer sites as required and perform on‑site work for extended periods of time.

• Experience with reverse engineering tools such as Binary Ninja, Ghidra, or IDA Pro.
• Deep understanding of stack and heap objects and exploit‑relevant vulnerabilities.
• Proven ability to discover new vulnerabilities, not just exploit known ones.
• Experience with both manual analysis and automated techniques, including fuzzing.
• Proficiency in coding and debugging C, Python, and Assembly (x86‑64, ARM, etc.).
• Strong research ownership and autonomy; able to translate an under‑defined mission into a concrete, technically novel capability.
• Comfort working with minimal supervision and incomplete problem definitions.
• TS/SCI clearance required (inactive SCI acceptable if SCI‑clearable).

The position requires handling highly confidential, sensitive information related to Bugcrowd's technologies. Candidates must possess integrity and maintain confidentiality.

Remote work‑from‑home with travel to customer location in Alabama to perform work in cleared spaces. The candidate must be able to sit and/or stand for 50% of the time and carry or move a laptop as needed.

Base salary range: $154,800 – $193,500. The position may also be eligible for a discretionary bonus program or commission plan subject to the company's rules.

Bugcrowd is an Equal Opportunity Employer, including disability and age. All qualified applicants are considered regardless of race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. If reasonable accommodation is required, please contact HR at .