Responsibilities:
While this is an Individual contributor role, you’ll be involved in working with the Fortinet’s FortiGuard Labs team to do Security Research “Primarily” on Fortinet Products and at times on External Products.
Discover new Exploitation Techniques or Attack Vectors. Discover new Zero-Day Exploits/Vulnerabilities. Write Proof of Conceptexploits for vulnerabilities. Build Automated Frameworks to automate SAST & DAST. Work with development team to fix the discovered vulnerabilities. Analyze new attacks, attack surfaces. Stay up to date on the latest exploitation techniques.Requirements:
At-least 3-5 years of experience in Product Penetration Testing and/or Vulnerability Research. Reverse engineering experience including binary analysis, and firmware analysis(using binwalk or other). Prior experience with dynamic analysis debuggers (e.g. OllyDBG, WinDBG), disassemblers or decompilers (e.g. IDA Pro.) Penetration testing web applications & attack analysis experience using tools including Burp Suite, Fiddler, Metasploit, AppScan, Qualys, Nessus,AppScan, WebInspect, HP Fortify, etc. Experience with fuzzing (web & binary)tools. Deep understanding of SANS Top 20, OWASPTop 10, etc Experience in writing Proofof Concept exploits for vulnerabilities. Familiar with Top Web & MobileApplication Security Risks/Vulnerabilities and attack techniques in MITRE ATT&CK matrix. Solid knowledge& experience of writing code in programming languages like PHP, Java, C/C++ JavaScript and/or Python. Familiar with Database languages. Familiar with popular Web Server software(e.g. Nginx, Apache,IIS) and Web Application Frameworks. Deep Understanding of OS (Windows, Linux, MacOS) Internals & networking protocols such as TCP/IP, DNS, HTTP, Scada, IoT, etc. Good understanding of Fortinet product line-up, solid security background, in-depth understanding of penetration testing, asymmetric cryptography, scripting knowledge, oriented and able to follow processes thoroughly. Self-directed, Self-motivated with the ability to work with minimal supervision and be Productive. Ability to communicate security issues to technical and non-technical audiences. A Team Player and Ability to collaborate with a variety of internal stakeholders (security champions, product managers, development teams, security architects). Proven analytical and problem solving skills and out-of -the-box thinking. CTF, Bug-Bounty or proven Multiplepublic records of Vulnerability Disclosure (e.g. CVEs) is a strong plus.Education
Bachelor's and Master's Degree in ComputerScience, Computer Engineering, Electronic Engineering, Information Security, Information Technology or Cyber Security. Interest in practical discovery of security vulnerabilities & exploitation. OSCP, OSCE,GWAPT, GPEN, CEH, LPT, CISSP or other industry security certification is a strong plus. Exceptions to the above will be made for those with a proven experience.The US base salary range for this full-time position is $120,000-$150,000. Fortinet offers employees a variety of benefits, including medical, dental, vision, life and disability insurance, 401(k), 11 paid holidays, vacation time, and sick time as well as a comprehensive leave program.
Wage ranges are based on various factors including the labor market, job type, and job level. Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, experience, and geographic location.
All roles are eligible to participate in the Fortinet equity program, Bonus eligibility is reviewed at time of hire and annually at the Company’s discretion.
#LI-BHAVYA
#GD