Sr. Vulnerability Researcher

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information across enterprises, governments, and consumers.

Fueled by decades of security expertise, global threat research, and continuous innovation, Trend harnesses AI to protect organizations and individuals across clouds, networks, devices, and endpoints.

The Trend Vision One™ enterprise cybersecurity platform accelerates proactive security outcomes by predicting and preventing threats across the entire digital estate and environments like AWS, Google, Microsoft, and NVIDIA.

Proactive security starts here. TrendMicro.com

Position Summary

Trend Micro is seeking a Sr. Vulnerability Researcher to join our team of security researchers here in the Zero Day Initiative. The Zero Day Initiative is radically changing the enterprise security landscape with its unique brand of industry-leading vulnerability research. The Sr. Vulnerability Researcher role will leverage the intelligence coming in from a globally distributed network of vulnerability researchers to deliver actionable guidance to the product teams inside of Trend Micro. This role produces the intelligence that ensures that Trend Micro products can detect and block zero-day threats to an enterprise. It will also support the sales and marketing teams within Trend Micro through the publication of research, white papers, and blogs that will be presented at top security conferences and tradeshows around the world. If you enjoy analyzing, finding and exploiting vulnerabilities, researching exploit techniques and mitigations, and building systems to streamline reverse engineering analysis tasks then we'd love to hear from you.

Responsibilities

• Research newly discovered vulnerabilities in a wide range of software products
• Reverse engineer and research network protocols, file formats, and software
• Develop and verify proof-of-concept files and exploit code
• Produce reports describing software vulnerabilities and detection of attack vectors
• Monitor security industry publications, news groups and other online sources for newly discovered security vulnerabilities and emerging threats
• Implement new and improve existing tools to automate and streamline the vulnerability research process
• Collaborate with other vulnerability researchers on research, analysis and report production

Qualifications

Required Knowledge

• Functional understanding of TCP/IP protocol stack and higher-level networking protocols (wire-level protocols, RF communications, BGP, routing protocols, or others).
• Experience in static and dynamic reverse engineering binaries ((x86, x64, ARM, PPC, MIPS, SPARC, 68k, or others)
• Knowledge in a variety of operating systems internals

Required Skills & Abilities

• Ability to analyze and describe vulnerabilities and attack methods
• Familiarity with tools such as IDA Pro, Ghidra, Binary Ninja, WinDbg, gdb, LLDB, and Wireshark
• At least two of C/C++, assembly language, Java, Python, and .NET
• Ability to produce reliable exploits for a wide range of vulnerabilities.
• Understanding of exploit mitigations such as DEP and ASLR
• Excellent oral and written communication skills
• Reliable and dependable team player
• Great attention to detail and personal quality assurance
• Self-directed, self-motivated with the ability to work with minimal supervision

Professional Designation/Certification

Bachelor's or Master's degree in computer science or a related field preferred but not required.

Experience

Industry experience performing similar technical role preferred but not required

DEI Commitment

Not meeting every single requirement? At Trend Micro, we're committed to fostering a diverse, inclusive, and genuine workplace. If you're enthusiastic about this position but find that your experience and background don't perfectly match every qualification listed in the job posting, we still encourage you to apply. You could very well be the ideal candidate for this position or others within our organization.

What We Offer You

You're important to us. What matters to you, matters to us too. Trend Micro provides benefit options for you and your family.

• Group benefits program with health and dental coverage
• Telehealth Virtual Health Services
• Life Insurance
• Short & Long Term Disability
• Pre-partum, maternity, parental and medical leave
• Critical Illness Insurance
• Mental Health Wellness Program
• Wellness Incentive Program
• Retirement Savings Programs with company match
• Paid Time Off
• 14 Annual Holidays
• Tuition Assistance
• Employee Resource Groups

We offer competitive compensation with bonus opportunity tied to company performance, along with room to enhance your skills through ongoing learning and broad technological opportunities. Achieving work-life balance is a priority, complemented by team activities, fostering an environment rooted in equity, inclusion, and collaboration, that is reflected in both our culture and our work.

Trend Micro Canada has been recognized as one of the National Capital Region's Top Employers. If you're curious to learn more, click the link below to discover why joining Trend Micro could be the perfect career move for you: Trend Micro Top Employer

Be Passionate. Be Innovative. Be a Trender.

No sponsorship will be provided for work permit applications or renewals for this position now or in the future.

For applicants in the province of Ontario, Trend Micro Canada is committed to fair and equitable compensation practices. The salary for this role is CAD $105,000.00 - $165,000.00. A candidate’s final compensation for this position will be determined by various factors to include, but not limited to relevant work experience, skills, and certifications.

At Trend Micro, we embrace change, empower people, and encourage innovation in a connected world. Our diversity and multicultural workforce are key contributing factors to our success across the globe. Trend Micro welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.

Key skills/competency

• Vulnerability Research
• Reverse Engineering
• Exploit Development
• Cybersecurity
• Zero Day Threats
• Network Protocols (TCP/IP)
• Static Analysis
• Dynamic Analysis
• IDA Pro/Ghidra
• C/C++/Assembly