Sr. Vulnerability Researcher ( Jr and Sr. Level)

Leading the future in luxury electric and mobility At Lucid, we set out to introduce the most captivating, luxury electric vehicles that elevate the human experience and transcend the perceived limitations of space, performance, and intelligence. Vehicles that are intuitive, liberating, and designed for the future of mobility.   We plan to lead in this new era of luxury electric by returning to the fundamentals of great design – where every decision we make is in service of the individual and environment. Because when you are no longer bound by convention, you are free to define your own experience.   Come work alongside some of the most accomplished minds in the industry. Beyond providing competitive salaries, we’re providing a community for innovators who want to make an immediate and significant impact. If you are driven to create a better, more sustainable future, then this is the right place for you.We are seeking an experienced Senior Vulnerability Researcher to join our team and take a leading role in advancing our organization's security posture. In this position, you will apply your extensive expertise in vulnerability research, exploit development, and security analysis to identify and address software vulnerabilities.


Your responsibilities will include leading advanced vulnerability research efforts, developing complex proof-of-concept exploits, and providing mentorship to junior team members. Additionally, you will play a crucial role in automating tasks related to reverse engineering and vulnerability research. To excel in this role, you should have a strong background in disassemblers, fuzzing techniques, ARM assembly languages, symbolic execution, and debugging tools. Proficiency in using Qemu and a proven ability to analyze crash reports are also essential qualifications.

If you have a passion for cybersecurity and want to make a significant impact in enhancing security measures, we encourage you to apply

*This is an Onsite opportunity at our HQ office in Newark, CA**


Responsibilities:

• Advanced Vulnerability Research: Lead and perform advanced vulnerability research on software systems, utilizing both static and dynamic analysis methods.
• Exploit Development: Develop complex proof-of-concept exploits for identified vulnerabilities to demonstrate their potential impact.
• Documentation and Reporting: Document all research findings, including the identification and exploitation of vulnerabilities. Prepare detailed reports and presentations for team members and customers.
• Sophisticated Exploitation Techniques: Utilize advanced software and hardware exploitation methods to gain access to protected information, systems, or devices.
• Automation Leadership: Drive the development of advanced tools and techniques to automate tasks that traditionally require extensive manual reverse engineering efforts, vulnerability research, and binary fingerprinting.
• Mentorship and Technical Leadership: Provide mentorship, guidance, and technical leadership to junior team members. Be available to unblock any issues they may face during their work.
• Deep Reverse Engineering: Lead in-depth reverse engineering efforts on complex software applications running on Linux, Android, or Real-Time Operating Systems (RTOS).
• Advanced Application Assessment and Debugging: Utilize advanced application assessment and debugging tools, such as Frida, GDB debugger, and others, for in-depth analysis and assessment of software for vulnerabilities.
• Expertise in Emulation or Simulation Engines: Leverage deep expertise in working with emulation or simulation engines like Qemu, Qiling, Qdb, Unicorn, Capstone, etc., for highly advanced analysis and research.
• C or C++ Development: Utilize your advanced C or C++ programming skills to work with embedded software systems.

Required Qualifications:

• Bachelor’s degree in computer science, computer engineer
• 5+ years of related experience
• Extensive experience working with disassemblers such as IDA Pro, Binary Ninja, radare2, or Ghidra.
• Proficiency in advanced fuzzing concepts, including Coverage-guided, Fuzzing Workflow, and Crash Analysis.
• Mastery of fuzzing tools such as LibFuzzer, AFL++, or Honggfuzz.
• In-depth understanding of ARM assembly languages.
• Proficiency in advanced testing techniques such as Symbolic Execution, Concolic Execution, or Differential Fuzzing.
• Comprehensive experience using Qemu.
• Proven expertise in analyzing crash reports for debugging or identifying vulnerabilities.

Preferred Qualifications:

• Master’s degree in computer science, computer engineer
• 3 years related experience.
• Familiarity with tools like Qiling, QBDI, Unicorn, Capstone

Lucid maintains your privacy according to its Candidate Privacy Notice. If you are a California resident, please refer to our California Candidate Privacy Notice.   To all recruitment agencies: Lucid Motors does not accept agency resumes. Please do not forward resumes to our careers alias or other Lucid Motors employees. Lucid Motors is not responsible for any fees related to unsolicited resumes.