Vulnerability Researcher

Searchlight Cyber was founded in 2017 with a mission to stop threat actors from acting with impunity. Its External Cyber Risk Management Platform helps organizations to identify and protect themselves from threats emerging from the cybercriminal underground, with Attack Surface Management and Threat Intelligence tools designed to separate the signal from the noise.

It is used by some of the world's largest enterprises, government and law enforcement agencies, and the Managed Security Service Providers at the forefront of protecting customers from external threats.

Find out more at www.slcyber.io.

As part of our commitment to protecting society from the threats from organized crime, terrorism and national security threats, we are seeking a highly skilled Vulnerability Researcher to join our research and innovation team. We are looking for expertise in one or more of the following areas: Windows kernel, Android applications, Linux kernel, or modern web browsers.

As a Vulnerability Researcher, you will play a critical role in identifying, analyzing, and mitigating security vulnerabilities across various platforms and technologies. You will be responsible for performing deep technical research to discover new vulnerabilities, working closely with developers to implement fixes. You must have demonstrable experience in vulnerability discovery and exploitation, including finding remote code execution vulnerabilities, privilege escalation, and sandbox escapes, along with familiarity with bypassing modern security mitigations.

• Vulnerability Research & Discovery: Conduct thorough research to discover and analyze new security vulnerabilities within your area of expertise, including but not limited to memory corruption, sandboxing escapes, privilege escalation, and code execution vulnerabilities.
• Exploit Development: Develop proof-of-concept exploits to demonstrate the impact of discovered vulnerabilities, and collaborate with the development team to create effective patches.
• Security Testing: Utilize advanced tools and techniques for static and dynamic analysis, fuzzing, and manual code reviews to uncover hidden security flaws.
• Documentation: Maintain detailed documentation of research methodologies, findings, and vulnerability reports, ensuring clarity and completeness.
• Continuous Learning: Stay up-to-date with the latest trends, tools, and techniques in the field of vulnerability research and security across multiple platforms.

• Educational/Experience: No formal education or experience is required, but you must be able to demonstrate that you have previously found and exploited vulnerabilities in one or more of the following areas:
  • Windows kernel vulnerabilities and exploitation
  • Android application security and exploitation
  • Linux kernel vulnerabilities and exploitation
  • Modern web browser vulnerabilities (Chrome, Firefox, Safari, Edge)
• Technical Skills: Deep understanding of your chosen specialization area(s) and underlying architectures. Proficiency in relevant programming languages such as C/C++, Java/Kotlin (for Android), and scripting languages such as Python. Experience with reverse engineering tools, debuggers, and fuzzing frameworks (e.g., AFL, LibFuzzer, syzkaller). Familiarity with common security vulnerabilities (e.g., buffer overflow, use-after‑free, type confusions, integer overflows) and exploitation techniques. Knowledge of modern security features and mitigations such as sandboxing, ASLR, DEP, CFG, and SELinux/AppArmor. Experience with operating system internals, memory management, and process/thread management.
• Soft Skills: Strong analytical and problem‑solving skills. Ability to work independently as well as in a collaborative environment. Excellent written and verbal communication skills. Attention to detail and a commitment to high‑quality research.

Job satisfaction; working for a company that is genuinely making people's lives better and helping to reduce the impact of internet based crime. You will have the opportunity to grow your career with the company in a very exciting industry.

On top of a generous salary in line with your experience, you'll receive a great benefits package, a learning and development plan to help ensure your career always moves in the right direction and enter into a company wide bonus scheme.

You'll be challenged with interesting projects that will help you think outside the box and have plenty of opportunities to learn and practice new skills. You'll be a key member of the team, directly contributing to our customer and supplier relationships and helping business goals. We believe in training & development, having fun and a great work life balance.

Your benefits package will include:

• 25 days holiday plus bank holidays
• Entry into company pension scheme
• Private healthcare from Axa, including dental and vision coverage
• We offer both TechScheme and Cycle2Work
• Comprehensive training and support to develop your career, including a training budget
• A range of office perks, including free fresh fruit daily, a bean to cup coffee machine and more
• Regular team building and reward events

• Screening Call with our Talent Manager
• Face to face interview with line manager and senior management
  • We’d love to meet you in person for an interview, but are happy for a video call too!
• Offer and onboarding