We are looking for a mid-level Vulnerability Researcher to join our vulnerability research team. In this role, you will audit code, analyse complex systems, and identify vulnerabilities across mobile, web, native applications, and IoT devicesYou will assess applications and systems across multiple platforms, architectures, and programming languages, adapting your research approach to each target. The role is primarily focused on finding, analysing, validating, and clearly documenting security vulnerabilities through source-code review, program analysis, testing, and research-driven investigation.Reverse engineering experience is valuable, especially when source code is unavailable, but it is not a blocker for candidates with strong vulnerability research, code auditing, or application security experience.ResponsibilitiesAudit source code to identify security vulnerabilities across mobile, web, backend, API, native application, embedded, and IoT environments.Analyse applications written in different programming languages, frameworks, and technology stacks, demonstrating breadth while developing enough context to assess their security posture.Identify common and complex vulnerability classes, including memory corruption, logic flaws, authentication and authorisation issues, injection vulnerabilities, insecure deserialisation, cryptographic misuse, race conditions, sandbox escapes, and privilege escalation paths.Perform static and dynamic analysis to validate findings and understand exploitability, impact, and root cause.Develop clear Proof-of-Concepts to demonstrate vulnerabilities safely and effectively.Use and adapt security research tooling, including debuggers, fuzzers, instrumentation frameworks, test harnesses, and custom scripts.Design targeted test cases or fuzzing strategies for parsers, APIs, protocols, IPC interfaces, file formats, and application components.Research new technologies, platforms, vulnerability classes, and attacker techniques to support ongoing security research.Document findings clearly, including technical root cause, impact, reproduction steps, exploitability analysis, and remediation guidance.Collaborate with engineers, researchers, and product/security teams to communicate risk and help improve software security.Contribute to internal tools, automation, research notes, and knowledge-sharing materials.Present research findings internally, and where appropriate, contribute to external publications, advisories, blog posts, or conference material.Qualifications3–5 years of experience in vulnerability research, application security, offensive security, secure code review, penetration testing, exploit development, or a similar technical security field.Strong ability to read, understand, and audit code in multiple programming languages.Comfortable approaching unfamiliar languages, frameworks, and platforms with a research mindset.Good understanding of common vulnerability classes across web, mobile, API, cloud-connected, and native software.Experience with at least one low-level or systems language such as C, C++, Objective-C, Rust, or Go.Experience with at least one high-level language such as Python, JavaScript/TypeScript, Java, Kotlin, Swift, C#, or PHP.Ability to validate vulnerabilities through testing, debugging, instrumentation, or Proof-of-Concept development.Familiarity with secure coding concepts, authentication and authorisation models, cryptography basics, sandboxing, exploit mitigations, and operating-system fundamentals.Experience using security tools such as static analysers, debuggers, fuzzers, intercepting proxies, disassemblers, decompilers, or dynamic instrumentation frameworks.Strong written communication skills and the ability to explain complex technical findings clearly.Ability to work independently on open-ended research problems while collaborating effectively with a technical team.Curiosity, persistence, and a strong interest in understanding how systems fail.Nice to haveReverse engineering experience using tools such as Ghidra, IDA Pro, Binary Ninja, Frida, LLDB, gdb, or similar.Experience with fuzzing frameworks such as AFL++, libFuzzer, honggfuzz, syzkaller, Jazzer, or custom harnesses.Experience with mobile security on Android or iOS.Experience with native application security, memory corruption, exploit mitigations, or platform internals.Experience publishing vulnerability research, CVEs, technical blog posts, tools, or conference talks.Contributions to open-source security tools or research projects.