Salaried Exploit Development Jobs in Oregon (NOW HIRING)

OR · On-site

$133.06K - $175K/yr

... and exploit development * Assist the Federal presales, support, and customer success teams ... Experience in vulnerability management measurement, reporting, and remediation Salary Range: $133 ...

Security Research Engineer

OR · On-site +1

$146.70K - $214.80K/yr

Vulnerability triage and proof of concept exploit development to support the creation of detection ... The starting salary range posted for this position is $146,700.00 to $214,800.00 and reflects the ...

OR

$112.20K - $196.40K/yr

... exploit/CNO tool development * 8+ years of python development experience within small to ... Salary Range: $112,200.00 - $196,400.00 We value our employees and want our employees to take care ...

Salaried Exploit Development information

What are the key skills and qualifications needed to thrive as a Salaried Exploit Developer, and why are they important?

To thrive as a Salaried Exploit Developer, you need deep expertise in computer science, reverse engineering, vulnerability analysis, and low-level programming, often backed by a degree in computer science or related field. Familiarity with tools like IDA Pro, Ghidra, debuggers, and operating system internals is crucial, and certifications such as OSCP or OSCE can be advantageous. Creativity, persistence, and strong problem-solving abilities are standout soft skills in this role. These qualifications are essential for identifying, developing, and responsibly handling software exploits in a secure and ethical manner.

What are some typical challenges encountered by professionals in salaried exploit development roles?

Professionals in salaried exploit development roles often face challenges such as staying current with rapidly evolving security technologies and patch cycles. They must continuously research new vulnerabilities and develop creative solutions to bypass updated security mechanisms, which can be highly demanding. Collaborating closely with security analysts and other developers is essential to ensure responsible disclosure and risk management. Additionally, balancing project deadlines with the need for meticulous testing and documentation can be a significant challenge in this field.

What is a Salaried Exploit Developer?

A Salaried Exploit Developer is a cybersecurity professional who is employed by an organization to research, identify, and develop software exploits—ways to take advantage of vulnerabilities in computer systems or applications. Unlike freelance or independent security researchers, salaried exploit developers work as part of a security team, often within penetration testing firms, defense contractors, or tech companies. Their work can involve both offensive (discovering vulnerabilities to test defenses) and defensive (helping to patch or mitigate vulnerabilities) tasks. These roles require strong programming skills, a deep understanding of operating systems, and knowledge of security protocols. Salaried Exploit Developers may also be involved in responsible disclosure of vulnerabilities to affected vendors.

What is the difference between Salaried Exploit Development vs Penetration Tester?

Aspect | Salaried Exploit Development | Penetration Tester
Credentials | Security certifications, programming skills | Security certifications, testing experience
Work Environment | Research labs, security firms, internal teams | Client sites, corporate environments, consulting firms
Industry Usage | Cybersecurity, offensive security | Cybersecurity, vulnerability assessment

Salaried Exploit Developers focus on creating and testing exploits for security research or defensive purposes, often working in labs or R&D settings. Penetration Testers simulate attacks to identify vulnerabilities in client systems. While both roles require security knowledge and technical skills, Exploit Developers primarily develop exploits, whereas Penetration Testers perform assessments and reporting. Understanding these differences helps clarify career paths and employer expectations in cybersecurity.

Product Security Engineer - Federal

Ping Identity

On-site

$133.06K - $175K/yr

Other

Posted 19 days ago


Job description

Job Summary:

As a Product Security Engineer working in our Federal accounts, you will gain invaluable experience at a visionary identity security company. The position requires a passion for application security, solving both technical and organizational challenges, with the ability to work in a challenging, distributed and Infrastructure-as-Code development environment, excellent communications skills, and attention to the latest security best practices.

This role focuses on product security (application security) for Ping's identity platform. Product Security Engineers partner closely with engineering teams to review code, identify vulnerabilities, and improve the security posture of production software across Ping's revenue-generating products.

We are particularly interested in engineers who developed a passion for security and transitioned into application security or DevSecOps roles. Candidates with a background in software engineering, platform engineering, or DevOps who now focus on security are strongly encouraged to apply.

Responsibilities:

  • Own multiple Security Engineering assignments working with Ping Identity products, processes, and tooling
  • Assist in proposing, developing, and improving Secure Software Development Lifecycle (SSDLC) practices alongside global, high-performance product engineering teams
  • Work with the product teams to perform security design/code reviews and vulnerability assessment and management in an agile environment
  • Perform application security tasks including threat modeling, developer code reviews, consulting, static code analysis, dynamic runtime fuzzing, building custom tools, and automation and exploit development
  • Assist the Federal presales, support, and customer success teams responding to prospect, customer, and field questions related to product and industry security
  • Engage with third-party security consultants for independent security assessments, bug bounties, and penetration testing of the product

Required Qualifications:

  • Ability to meet U.S. citizenship and residency eligibility requirements associated with supporting FedRAMP-regulated environments.
  • 2+ years of application security experience across areas such as API Security, Web Application Security, Enterprise Application Security, and Mobile Application Security
  • 3+ years of developing commercial software products
  • Hands-on experience working with Secure Software Development Lifecycle (SSDLC) security tooling, such as source code scanning tools (SAST) and third-party dependency or software composition analysis (SCA)
  • Strong understanding of modern authentication and identity standards, including OAuth 2.0, OpenID Connect (OIDC), and SAML
  • Ability to review application code for security vulnerabilities, ideally in Java or Go
  • Experience identifying and mitigating vulnerabilities aligned with OWASP Top 10
  • Familiarity with cloud-native application environments, including Google Cloud Platform (GCP) or AWS, and containerized platforms such as Docker and Kubernetes
  • Understanding of networking protocols and modern data center architecture
  • Exceptional problem-solving skills, curiosity about the inner workings of systems, and strong attention to detail and documentation

Preferred Qualifications:

  • Experience in security and compliance for FedRAMP solutions, including understanding of NIST, DoD, and related security standards
  • Security certifications such as CISSP, CSSLP, GIAC, or OSCP
  • Experience with Linux environments, administration, security, internals
  • Experience with identity and access management (e.g. OAuth 2.0, OpenID Connect, SAML 2.0, Active Directory, 2FA/MFA, LDAP, SCIM, FAPI, OpenBanking)
  • Experience with CI/CD in Federal or US government cloud deployment (e.g., AWS GovCloud, Azure, or GCP)
  • Experience with Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or Ansible
  • Experience in vulnerability management measurement, reporting, and remediation

Salary Range: $133,060-$175,000
In accordance with Colorado's Equal Pay for Equal Work Act (SB 19-085) the approximate compensation range for this role in Colorado is listed above. Final compensation for this role will be determined by various factors, such as knowledge, skills, and abilities.