Reverse Engineer

Summary

Join SonicWall's cybersecurity team as a Reverse Engineer and Security Analyst, focusing on assessing the security of Windows VPN and desktop client applications, as well as SonicWall mobile client apps. You will identify and mitigate security vulnerabilities, ensuring the confidentiality, integrity, and availability of SonicWall products and services. This remote position (Costa Rica residents only) requires expertise in reverse engineering, security analysis, and various security tools. Responsibilities include conducting thorough reverse engineering analysis, identifying cryptographic algorithms, performing security assessments, and collaborating with the development team. You will also conduct penetration testing and prepare comprehensive reports detailing findings and recommendations.

Requirements

• Bachelor's degree in computer science, Cybersecurity, or a related field
• Proven experience in reverse engineering and security analysis of software applications
• Proficiency in using tools such as IDA Pro, Ghidra, and other relevant reverse engineering tools
• Strong understanding of VPN technologies, cryptographic protocols, and network security principles
• Experience with penetration testing tools and methodologies
• Excellent written and verbal communication skills

Responsibilities

• Conduct thorough reverse engineering analysis on the Windows desktop VPN and other client application and mobile client apps (Android and iOS)
• Identify and analyze cryptographic algorithms, protocols, and security mechanisms implemented in the applications
• Perform security assessments to identify vulnerabilities, weaknesses, and potential exploits in the VPN and SonicWall client applications
• Utilize various tools and methodologies to conduct static and dynamic analysis of the binary code
• Review source code and binaries for security flaws, coding errors, and potential areas of improvement
• Collaborate with the development team to provide recommendations for secure coding practices
• Conduct penetration testing on the Firewall hardware, virtual appliances, and VPN client applications to simulate real-world attack scenarios
• Document and report findings, including recommended remediation steps
• Stay abreast of the latest cybersecurity threats, vulnerabilities, and attack vectors relevant to VPN technologies
• Prepare comprehensive reports detailing the results of security assessments and penetration tests
• Clearly communicate findings, risks, and recommended mitigations to both technical and non-technical stakeholders
• Works closely with cross-functional teams, including developers, system administrators, and PSIRT engineers, to address and resolve security issues

Preferred Qualifications

Certifications such as OSCP, OSCE, or similar are a plus