Senior Security Researcher: Vulnerability Research

Forte St

What you will do

• Drive coverage-guided and differential fuzzing against browser engines, applications and binaries; design harnesses, grammars and corpora that reach deep code paths.
• Backtrace and root-cause memory-corruption bugs to their exact faulting condition: deterministic reproduction, minimisation, and a clear write-up of why the bug happens.
• Classify and build primitives from memory bugs: out-of-bounds read/write, use-after-free, type confusion, uninitialised, memory, info-leak.
• Write exploits and chain primitives into full kill chains: leak, corruption, control-flow hijack, in-process code, execution, then sandbox escape and privilege escalation.
• Reverse engineer binaries (closed-source applications, libraries, components) and analyse engine internals at the assembly level.
• Defeat modern mitigations: ASLR, DEP/W^X, CFI/CFG, stack cookies, ARM64 PAC/MTE, and engine sandboxes such as the V8 heap sandbox.
• Harden chains for reliability (deterministic heap grooming, retry and cleanup) and validate them with reverse and regression tests across builds.
• Feed every confirmed primitive and chain back into the research corpus.
• Must-have (very senior)
• Proven track record finding and exploiting memory-corruption vulnerabilities in real, modern, hardened targets (not just CTF, though CTF pedigree is welcome).
• Fluent in assembly (x86-64 and ARM64): you read and reason about disassembly comfortably.
• Strong memory-testing and debugging methodology: sanitizers (ASan/MSan/UBSan), record-and-replay (rr), gdb/lldb/WinDbg, heap analysis.
• Hands-on exploit development and chaining experience, including mitigation bypass.
• Browser internals knowledge: at least one of V8, SpiderMonkey or JavaScriptCore (JIT, garbage collector, object model), plus the surrounding IPC/sandbox.
• Binary reverse engineering for applications and libraries (IDA, Ghidra, Binary Ninja).
• C/C++ and a scripting language (Python or similar) for tooling.
• Nice to have
• Published CVEs, advisories, conference talks, or a public exploit/research portfolio.
• Mobile platform research (Android or iOS): kernel, media pipelines, messengers.
• Fuzzilli / libFuzzer / custom REPRL harness experience.
• Patch-diffing and n-day reconstruction.
• Familiarity with using LLMs to accelerate triage and first-pass exploitation.
• Who we are looking for
• A winner.
• Someone who closes hard bugs end to end, works to proof rather than to a report, and treats "it does not reproduce" as the start of the work, not the end.
• Senior enough to set the standard for everyone around you, hands-on enough to still be in the debugger every day.
• What we offer
• Work on the hardest targets, with serious compute behind you (a fuzzing fleet, not a laptop).
• A small, specialised team and direct ownership: your findings go all the way to a proven capability.
• Premium compensation for rare profiles, relocation support to the UAE, and a long-term research mission.
• Strict, documented authorization and compliance: all work is for vetted clients, on owned or authorized targets, under responsible-disclosure and export-control rules.