Product Security Research Engineer
United States of America
Full Time
2 weeks ago
H1B Sponsor Likely
Key skills
AI
About this role
netPolarity, Inc. is seeking a Senior Product Security Research Engineer to proactively discover and validate complex attack paths within their product ecosystem. The role involves working closely with Security Architects to link vulnerabilities and enhance defensive measures using AI-driven engineering.
Responsibilities:
- Attack Path Discovery: Partner with Security Architects to identify and technically validate potential exploit sequences. You will engineer proofs-of-concept to demonstrate how individual vulnerabilities can be linked to create significant product exposure
- Impact Analysis: Perform deep-dive technical research to determine the exact “blast radius” of a vulnerability. You will be responsible for identifying exactly which products and versions are impacted and what specific data or services are at risk
- Proactive Defense: Translate offensive research into preventative measures, providing Engineering teams with the technical evidence and architectural guidance needed to implement robust, long-term mitigations
- AI-Enhanced Security Engineering: Explore and implement AI-driven automation to enhance our discovery and analysis capabilities. You will use emerging technologies to scale the identification of complex vulnerability patterns across the stack
- Technical Advocacy: Serve as a senior technical subject matter expert during high-stakes triage, helping stakeholders understand the practical reality of threat through evidence-based technical analysis and exploit modeling
Requirements:
- 6-9 years of experience in Product Security Engineering, Vulnerability Research, or Offensive Security, with a focus on deconstructing complex software systems
- A talent for 'Attack Path Thinking', you can look at a complex architecture and identify how a minor logic flaw could lead to a major compromise
- A strong understanding of software vulnerabilities (logic flaws, memory corruption, auth bypasses) and how they manifest in cloud-native and hybrid-cloud environments
- Experience or a strong interest in using AI-driven tools to scale security engineering and automate the discovery of sophisticated vulnerability patterns
- An ability to work as peer with Architects and Developers, using technical data and research to build consensus on remediation paths
- Experience with reverse engineering or high-level exploit development in a research-focused environment
- Familiarity with 'Graph-based' security analysis (mapping relationships between assets, permissions, and vulnerabilities)
- Contributions to the security community, such as tool development, technical whitepapers, or responsibility disclosed CVEs
- Experience in a distributed engineering environment where technical evidence is the primary driver of security prioritization