Security Research Engineer-Bas Attacks

Job Title: Security Research Engineer

Department/Group: Product Engineering

Location: Remote (India)

Years of Experience 5+Years

About Hive Pro

Hive Pro is a recognized innovator in Threat Exposure Management (TEM). Uni5 from Hive Pro enables organizations to continuously, contextualize, prioritize, and resolve all threats against their assets through a single platform. HiveForce Labs curates and keeps organizations up to date on how to address their most pressing attacks, vulnerabilities and threats on an ongoing basis. Uni5 from Hive Pro fundamentally changes the way businesses consume cybersecurity. With an open architecture and integration with best-of-breed point solutions, the Uni5 platform allows users to map their assets and security environment, test and prioritize their relevant
vulnerabilities, and automate the necessary patch and remediation activities. The CISO from one of our customers may have summed it up best with the following quote, We are finally able to focus on vulnerabilities that matter, respond to them faster, and eliminate noise. To learn more about us go to www.hivepro.com.

JOB DESCRIPTION

We are seeking a highly skilled and detail-oriented Security Research Engineer to join our growing Product team. As a key member of
our organization, you will play a critical role in ensuring the accuracy, clarity, and completeness of our technical documentation. Who
can collaborate with our superstar engineering team, work with cutting-edge technologies, and contribute to building world-class
platforms and applications that redefine how people engage with cybersecurity.

ROLE AND RESPONSIBILITIES

• Think like an adversary, probe, and identify potential attack vectors.
• Analyze, design, implement, test, and maintain attack simulation scenarios that include adversarial tactics,
• techniques, and procedures (TTPs), vulnerability exploits, malware payloads, etc.
  Stay abreast of the latest offensive strategies, cybersecurity defenses, technologies, methodologies, policies, and breaches.
• Identify zero-day vulnerabilities, latest exploits, common vulnerabilities, various attack patterns, and tactics.
• Deploy and configure the test infrastructure for the development and testing of simulation payloads.
• Develop and integrate Sigma, Yara, and Snort signatures for detecting and mitigating the payloads created.
• Deliver technical analysis based on simulation results.
• Ensure that all attack payloads adhere to defined success criteria, capturing key indicators of success or failure.
• Work closely with other engineering teams to ensure smooth integration of payloads into the platform.

QUALIFICATIONS AND EDUCATION REQUIREMENTS

• Proficient in one or more scripting languages such as Python, PowerShell, Bash, and Shell.
• Strong background in Offensive Security, Red Teaming, Ethical Hacking, application security, infrastructure security, and breach & attack simulations. Hands-on experience in developing Sigma, Yara, and Snort signatures.
• Deep knowledge of attack vectors, adversarial tactics, techniques, and procedures (TTPs), and how they apply to network, cloud, application, Windows, and Linux environments.
• Strong understanding of common vulnerabilities and exploits, with the ability to create payloads for a wide variety of attack scenarios.
• Experience with Bug Bounty programs and/or Breach & Attack Simulation (BAS).
  Ability to think critically and out-of-the-box when identifying attack scenarios and vulnerabilities.
• Excellent verbal and written communication skills.
• Familiarity with the latest trends in cybersecurity, vulnerabilities, and mitigation techniques.
• A self-starter with a growth mindset and a willingness to continuously learn and improve.
  Strong logical and analytical skills.
• Hands-on experience with tools like Metasploit, Burp Suite, Cobalt Strike, and similar red-team tools.
• Experience with cloud infrastructure (AWS, Azure, GCP) and cloud-specific security challenges.
• Ability to integrate and automate payloads in a continuous delivery pipeline.
• Understanding of detection technologies (IDS/IPS, SIEM, EDR) and bypass techniques.