Ready to apply?Apply Now
This job post has been archived. New applicants aren't being accepted.

(Principal) Vulnerability Researcher / Reverse Engineer

Job TypeContractor
Job LocationAmsterdam
Communication MethodRemote
Base Salary100 EUR / HOUR
Job Description

About WebSec
WebSec is a cybersecurity start-up based in Amsterdam. We specialize in a variety of offensive security services, including phishing campaigns, managed responsible disclosure services, threat hunting/red teaming, and penetration testing.

Job Responsibilities

  • Pentesting and auditing of software and hardware code.
  • Analyzing and reversing the execution flow of specific malware.
  • Conducting cryptographic vulnerability analysis.
  • Developing decryption software.
  • Researching vulnerabilities in ransomware.
  • Engaging in exploit research and development.

Skills Required

  • Master's or Ph.D. in a relevant technical field or a bachelor’s degree combined with substantial real-world experience (preferably in Cryptography).
  • Minimum of 6 years of relevant experience in reverse engineering and/or security.
  • Familiarity with various attack techniques and a hacker's mindset.
  • Relevant offensive security certifications such as OSEP and OSED.
  • Practical experience in Security Operations, especially in pentesting software and mobile apps.
  • Experience in developing embedded systems.
  • Proficiency with debuggers like gdb, WinDbg, OllyDbg, and x64dbg.
  • Ability to read and write assembly languages (x86, x64, ARM, PPC, MIPS, etc.).
  • Experience in low-level programming language development or maintenance (e.g., ASM).
  • Knowledge of static or dynamic binary analysis techniques.
  • Experience with reverse engineering tools such as IDA Pro, Radare2, and objdump.
  • Expertise in developing binary instrumentation or source transformation tools.
  • Understanding of exploit mitigations like DEP, ASLR, and stack canaries.
  • Knowledge of ROP gadgets or other exploit programming methods.
  • Familiarity with OS internals, including device drivers and kernel development.
  • Expertise in the C programming language.
  • Strong communication skills in both written and spoken English. Dutch proficiency is a plus.

Nice-to-Have

  • Project management certifications, e.g., ITILv4 or Prince2.
  • Certifications like eCRE, GREM, GXPN.
  • CVE numbers related to ICS software or hardware vulnerabilities.
  • Proven record of responsible disclosures.
  • A GitHub portfolio showcasing security tools, exploits, or publications.
  • Red teaming experience.
  • Military SIGINT experience.

What We Offer

  • Opportunities for remote work.
  • A competitive hourly rate of €100 all in excl VAT.
  • Flexible working hours.
Share this job in your community!