Cybersecurity Engineer - Singapore - NodeFlair

NodeFlair

Verified Company

Singapore

1 week ago

Posted by:

Wei Jie

beBee Recruiter

Description

Job Summary:

Salary
S$8,000 - S$14,000 / Monthly EST

Job Type
Permanent

Seniority
Senior Mid

Years of Experience
At least 5 years

Tech Stacks
Docker Go play VMware Java Linux Kubernetes Python

We are seeking a highly motivated Cyber Security Engineer in the Binary Vulnerability Hunting domain to work with our Information Security team. As a Cybersecurity Engineer, you will play a crucial role in discovering undisclosed vulnerabilities (0day) across various IT scenarios, including operating systems (Windows/Linux), cloudnative environments (Kubernetes/Docker), network devices (routers/switches/firewalls/VPNs), and endpoint management solutions (VMware Workspace ONE/IPMI). Your responsibilities will also include delivering exploit code and plugins for identified vulnerabilities, conducting red team engagements to simulate APT adversary scenarios, and performing realtime analysis of security log data from various sources.
Vulnerability Research and Exploits:Focus on researching undisclosed vulnerabilities (0day) in diverse IT scenarios. Deliver exploit code and plugins for identified vulnerabilities. Conduct red team engagements in various scenarios, including IDC networks, office environments, and cloud environments to emulate APT adversary scenarios.
Security Log Analysis and Monitoring: Perform realtime analysis and trending of security log data from various security devices and systems. Maintain data sources feeding the log monitoring system.

Develop and maintain detection and alerting rules.

Requirements:

Bachelor's degrees in Computer Science, Information Technology, Engineering, or related fields, with more than 5 years of relevant work experience are mandatory.
Extensive experience in writing standalone PoCs of infrastructure vulnerabilities, including writing exploit codes based on known PoCs of vulnerability descriptions.
Extensive experience with common vulnerability classes such as buffer overflows, command injection, and insecure deserialization.
Indepth understanding of modern security mitigations and methods to bypass them (e.g., stack cookies, SafeSEH, DEP, ASLR, CFG, etc.).
Indepth understanding of the security mechanisms of Windows and Linux systems, with familiarity with offensive techniques in ring0/ring
Strong skills in vulnerability analysis, fuzzing, reverse engineering, and advanced exploitation techniques, including proficiency with tools such as IDA Pro, OllyDBG, WinDBG, GDB, Burp Suite, etc.
Proficiency in programming languages like Python, Go, or Java, with the ability to understand and extend exploit techniques.
Track record of bug bounty awards, CVEs, public security articles, speaking at security conferences, being a GitHub star author, etc.
Good communication skills and an effective teamwork spirit, coupled with strong professional ethics. Selfstarting and fast learning ability.

Preferred Experience

Experience in penetration testing and red teaming, with familiarity with kill chains according to the ATT&CK Framework (e.g., initial access, Windows AD testing, lateral movement).
Experience in performing APT offensive and defensive operations.
We are looking for a dedicated Cybersecurity Engineer (Binary Vulnerability Hunting) who is passionate about cybersecurity and can contribute to the continuous improvement of our security posture. If you meet these criteria and are ready to take on these exciting challenges, we encourage you to apply.