Apply on
Original
Simplified
Introduction
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.
Your Role and Responsibilities
At IBM, we help defenders continuously assess their real-world security. Our Adversary Services offering provides an experience designed to mirror today's advanced adversaries, not yesterday's threats. We partner with security teams to help them understand the art of the possible by delivering an unrivaled attack experience, at scale.
As a security researcher on X-Force's new Offensive Research group (XOR), you will engage in cutting-edge offensive security research, harnessing AI alongside X-Force's advanced methodologies and capabilities. You will work with our team of expert researchers to ensure that X-Force remains at the forefront of red teaming innovation, while also producing public research that enhances our visibility in the field.
You'll be responsible for inventing clever ways to breach customer networks and bypass security controls, by finding and exploiting vulnerabilities in widely used software and hardware. You'll work alongside our offensive engineers, researchers, and developers to drive those innovations throughout our toolsets and across our customers.
Simulating sophisticated threat actors takes industry leading offensive research, advanced capabilities, and mature methodology. We believe offensive security research is essential for both simulating various sophistication levels of threat actors and enabling defenders to better understand, defend, and respond to attacks. IBM X-Force has built its reputation in the industry by setting the standard for compelling offensive security research. X-Force members regularly present research at the top security conferences in the world.
We leverage automation and AI in targeting, tasking, and analysis to free up our human operators to solve the more interesting challenges for hacking the world's largest banks, defense contractors, and critical industries. We are looking for individuals that are driven, proactive, thorough, and forward looking - people who understand the importance of teamwork and how to contribute to a high-performing team.
Responsibilities of the Role:
Solving problems that do not have known solutions
Perform in-depth analysis and research to uncover exploitable vulnerabilities in widely used systems and products.
Create proof-of-concept exploits to illustrate the possible impact of zero-day vulnerabilities.
Help develop offensive tooling and frameworks
Design tools and scripts to streamline reverse engineering tasks and increase efficiency
Help design forward thinking security research projects to best meet team goals
Thoroughly document and record research findings
Publish written research and present at notable security conferences
Incorporate feedback loops with peers on offensive research and tooling
Help develop methodologies for leveraging AI in vulnerability research and reverse engineering
Stay informed about the latest advancements in vulnerability research
Provide guidance and offense-related insights throughout IBM on AI technologies
Required Technical and Professional Expertise
Proficient in binary analysis using a reverse engineering platform such as IDA Pro, Ghidra, or Binary Ninja
Proficient in dynamic analysis using debuggers (WinDbg, gdb)
Proficient in reading and writing assembly (x64, ARM)
Deep understanding of low-level operating system internals
Track record in vulnerability research and CVE assignments
Demonstrated exploit development experience
Development Experience: 5+ years coding in two or more programming languages (Python, C#, C/C++, Rust)
Experience with software version control systems such as git
Experience with packet capture (Wireshark) and network protocols analysis
Competencies required:
Ability to collaborate effectively with team members
Strong written and verbal communication skills in English
Strong creative problem-solving skills
Demonstrated experience finding vulnerabilities in widely used software
Familiarity with common vulnerability classes and their corresponding exploitation techniques
Experience reverse engineering closed source software
Experience developing offensive tooling or frameworks
Preferred Technical and Professional Expertise
BA/BS in an Infosec related major or commensurate practical experience
Experience with kernel driver development (WDK/lkm)
History of developing open-source software for the security community
History of presenting at security conferences
Experience leveraging AI for offensive security research
Experience with offensive use of generative AI and large language models
Experience supporting Red Team Operators through development of tooling
Knowledge of EDR detection capabilities and associated evasion techniques for behavioral based alerting
Prior security consulting experience
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.
Your Role and Responsibilities
At IBM, we help defenders continuously assess their real-world security. Our Adversary Services offering provides an experience designed to mirror today's advanced adversaries, not yesterday's threats. We partner with security teams to help them understand the art of the possible by delivering an unrivaled attack experience, at scale.
As a security researcher on X-Force's new Offensive Research group (XOR), you will engage in cutting-edge offensive security research, harnessing AI alongside X-Force's advanced methodologies and capabilities. You will work with our team of expert researchers to ensure that X-Force remains at the forefront of red teaming innovation, while also producing public research that enhances our visibility in the field.
You'll be responsible for inventing clever ways to breach customer networks and bypass security controls, by finding and exploiting vulnerabilities in widely used software and hardware. You'll work alongside our offensive engineers, researchers, and developers to drive those innovations throughout our toolsets and across our customers.
Simulating sophisticated threat actors takes industry leading offensive research, advanced capabilities, and mature methodology. We believe offensive security research is essential for both simulating various sophistication levels of threat actors and enabling defenders to better understand, defend, and respond to attacks. IBM X-Force has built its reputation in the industry by setting the standard for compelling offensive security research. X-Force members regularly present research at the top security conferences in the world.
We leverage automation and AI in targeting, tasking, and analysis to free up our human operators to solve the more interesting challenges for hacking the world's largest banks, defense contractors, and critical industries. We are looking for individuals that are driven, proactive, thorough, and forward looking - people who understand the importance of teamwork and how to contribute to a high-performing team.
Responsibilities of the Role:
Solving problems that do not have known solutions
Perform in-depth analysis and research to uncover exploitable vulnerabilities in widely used systems and products.
Create proof-of-concept exploits to illustrate the possible impact of zero-day vulnerabilities.
Help develop offensive tooling and frameworks
Design tools and scripts to streamline reverse engineering tasks and increase efficiency
Help design forward thinking security research projects to best meet team goals
Thoroughly document and record research findings
Publish written research and present at notable security conferences
Incorporate feedback loops with peers on offensive research and tooling
Help develop methodologies for leveraging AI in vulnerability research and reverse engineering
Stay informed about the latest advancements in vulnerability research
Provide guidance and offense-related insights throughout IBM on AI technologies
Required Technical and Professional Expertise
Proficient in binary analysis using a reverse engineering platform such as IDA Pro, Ghidra, or Binary Ninja
Proficient in dynamic analysis using debuggers (WinDbg, gdb)
Proficient in reading and writing assembly (x64, ARM)
Deep understanding of low-level operating system internals
Track record in vulnerability research and CVE assignments
Demonstrated exploit development experience
Development Experience: 5+ years coding in two or more programming languages (Python, C#, C/C++, Rust)
Experience with software version control systems such as git
Experience with packet capture (Wireshark) and network protocols analysis
Competencies required:
Ability to collaborate effectively with team members
Strong written and verbal communication skills in English
Strong creative problem-solving skills
Demonstrated experience finding vulnerabilities in widely used software
Familiarity with common vulnerability classes and their corresponding exploitation techniques
Experience reverse engineering closed source software
Experience developing offensive tooling or frameworks
Preferred Technical and Professional Expertise
BA/BS in an Infosec related major or commensurate practical experience
Experience with kernel driver development (WDK/lkm)
History of developing open-source software for the security community
History of presenting at security conferences
Experience leveraging AI for offensive security research
Experience with offensive use of generative AI and large language models
Experience supporting Red Team Operators through development of tooling
Knowledge of EDR detection capabilities and associated evasion techniques for behavioral based alerting
Prior security consulting experience
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
Report this job Similar Jobs
