Tenable is looking for a Senior Research Engineer to join our security research team. This position will involve researching existing vulnerabilities, looking for new vulnerabilities, and developing checks/plugins to detect these vulnerabilities via our products. This role will involve some interfacing with stakeholders outside the Research team.

Key areas of focus:

• Works on complex research and development initiatives
• Implements advanced detection logic while minimizing false positives & false negatives
• Participates in detection logic discussions and the research of new methods for detection
• Interfaces with stakeholders on externalizing the outcomes of some of the research
• Helps / trains other researchers, when needed

• Keep abreast with the advancements and developments in the security industry and perform original research to keep our customers secure
• Develop detection scripts for Tenable’s sensors (Nessus vulnerability scanner and others) based on the research findings
• Research and develop methods of detection for additional services and products from different vendors
• Demonstrably strong programming skills in one or more languages
• Ability and experience in showcasing original research externally – via blogs, white-papers, etc.
• Ability to work independently as a researcher as well as part of a larger team.
• Experience working with multiple operating systems (proficiency with Linux a must)
• Excellent written and verbal communication skills
• Adaptable and able to shift priorities as needed
• Meticulous in terms of quality & accuracy of work
• Willingness to explore and learn
• B.S. degree in Computer Science or a related field, or equivalent work experience
• At least 5 years of R&D experience

And Ideally:

• In depth understanding of common security vulnerabilities, CVSS scoring, vulnerability classification, detection and exploitation techniques.
• In-depth protocol analysis and interaction. Expert level knowledge of common protocols such as HTTP, DNS, SSH, SMB, etc. and fuzzing
• Some prior experience performing open-ended research when given high-level requirements and details of the desired output.
• Experience with pen-testing, researching, discovering, or publishing vulnerabilities
• Reverse engineering experience including basic binary analysis, packet capture analysis, and firmware analysis (using binwalk). Prior experience with debuggers, disassemblers or decompilers (e.g. IDA Pro, Immunity Debugger, gdb)
• Experience with C or C++, Assembly (x86/x64 and/or ARM/ARM64) and / or scripting languages
• One or more security related certifications (e.g. OSCP)
• Experience with systems administration and be comfortable working at the command line