Russell Tobin & Associates is currently seeking a Security Vulnerability Validation Engineer to work for our client, a leading AI research and deployment company dedicated to ensuring that artificial general intelligence (AGI) benefits all of humanity. They are known for their cutting-edge advancements in AI technologies. Apply now for consideration!
Pay: $60-$84/hr. based on experience
Location: Remote-US
Security Vulnerability Validation Engineers will triage and validate security vulnerabilities discovered across a range of platforms and technologies, including web applications, APIs, and traditional system-level targets.
Core Responsibilities
Reproduce and validate security bugs (memory safety, logic bugs, and web vulns).
Build minimal reproducible examples and proof-of-concept (PoC) exploits.
Triage issues based on severity, exploitability, and real-world impact.
Validate LLM-generated findings in both server-side and client-side environments.
Collaborate with the disclosure team on responsible vendor outreach.
Maintain Docker-, QEMU-, and browser-based validation environments.
Provide feedback to internal researchers to improve bug quality and ranking.
Must-Have Skills:
Systems Security
Deep understanding of memory corruption vulnerabilities: buffer overflows, UAFs, heap overreads, integer overflows, etc.
Proficiency with C/C++ and Python.
Experience with tools like ASan, Valgrind, GDB, strace, and OSS build systems.
Ability to reverse engineer binaries (Ghidra/Binary Ninja experience).
V8 and other JavaScript engine exploitation skills are a bonus.
Web Security
Strong grasp of web application vulnerabilities: XSS, CSRF, SQLi, SSRF, auth bypasses, prototype pollution, etc.
Familiarity with modern web stacks: Node.js, Flask, Django, React/Vue, REST/GraphQL APIs.
Experience validating issues via tools like Burp Suite, mitmproxy, Chrome DevTools, or custom HTTP clients.
Can write JavaScript and browser-based PoCs.
Nice-To-Have Skills:
Prior web vuln bounty or CVE contributions.
Hands-on work with browser exploit chains or fuzzing frameworks.
Familiarity with SAST/DAST tooling pipelines.
Russell Tobin offers eligible employees comprehensive healthcare coverage (medical, dental, and vision plans), supplemental coverage (accident insurance, critical illness insurance, and hospital indemnity), a 401(k) retirement savings plan, life & disability insurance, an employee assistance program, identity theft protection, legal support, auto and home insurance, pet insurance, and employee discounts with some preferred vendors.