SanFranRecruiter Since 2001
the smart solution for San Francisco jobs

Senior Systems Security Engineer and Vulnerability Researcher

Company: DFINITY
Location: San Francisco
Posted on: April 1, 2025

Job Description:

We are seeking an experienced Senior Systems Security Engineer & Vulnerability Researcher with deep expertise in OS security, container security, hypervisor security, and process sandboxing. The role requires robust offensive security skills in identifying and exploiting vulnerabilities, particularly within the Internet Computer (IC) platform and its execution environments.The ideal candidate will conduct thorough security research, perform vulnerability assessments, develop exploits, and continuously monitor/improve security posture of the IC platform.This is a hybrid-onsite position (onsite 3x per week), based out of our new office in the heart of San Francisco.Key Responsibilities:Hypervisor & Virtualization Security

  • Research and mitigate security risks in QEMU-based virtualization, VM isolation, and guest-to-host escape vulnerabilities.
  • Analyze attack surfaces within virtual machines, hypervisors, and inter-VM communication mechanisms.
  • Develop and test exploit techniques targeting hypervisor weaknesses, side-channel leaks, and container escapes.
  • Design and enhance secure VM execution models and Trusted Execution Environments (TEE) using AMD SEV-SNP to enforce strong VM isolation, protect workloads from compromised hypervisors, and ensure memory confidentiality and integrity.Operating System & Process Isolation Security
    • Strengthen Linux OS security, including process isolation, sandboxing, and syscall filtering.
    • Improve Mandatory Access Control (MAC) policies (SELinux) to enforce stricter access controls.
    • Research and refine sandboxing strategies to contain untrusted processes. Assess process sandboxing techniques to contain untrusted execution.
    • Identify and mitigate kernel privilege escalation vectors, particularly in containerized and virtualized environments.Vulnerability Research & Exploit Development
      • Perform reverse engineering, binary analysis, and fuzzing to uncover vulnerabilities across OS, hypervisor, and VM execution layers.
      • Develop proof-of-concept (PoC) exploits to validate security threats and recommend mitigation strategies.
      • Analyze and improve secure boot mechanisms, firmware security, and disk encryption strategies for virtualized environments.Security Hardening & Mitigations
        • Work closely with engineers to design and implement hypervisor and VM security mitigations.
        • Research and propose hardened runtime environments that defend against modern attack techniques.
        • Track emerging threats in virtualization security, container security, and OS sandboxing.Red Team Strategy & Execution
          • Lead and design sophisticated Red Team operations targeting Internet Computer Protocol, governance, subnets, nodes, and system dApps.
          • Develop adversary emulation plans to test both platform and infrastructure defenses, identifying weaknesses before they can be exploited.Requirements:
            • Deep understanding of Linux security internals, including kernel attack surfaces, syscall security, privilege separation and process isolation.
            • Expertise in QEMU/KVM security, including guest-to-host escapes, hypervisor hardening, and VM isolation techniques.
            • Hands-on experience analyzing hypervisor-level attacks, VM escape techniques, and virtualization security mitigations.
            • Understanding of side-channel vulnerabilities (e.g., Spectre, Meltdown, L1TF, MDS) affecting virtualization environments.
            • Proficiency in Trusted Execution Environments (TEE) and secure virtualization, with a focus on QEMU and AMD SEV-SNP for workload confidentiality and integrity.
            • Experience with reverse engineering tools (Ghidra, IDA Pro, Binary Ninja, binwalk) and fuzzing frameworks.
            • Skilled in adversary emulation, lateral movement techniques, privilege escalation, and exfiltration tactics.
            • Expertise in securing containerized environments, including Kubernetes security, container hardening, and runtime protection.Base Salary Range: $175,000 - $240,000/yrThis position can be considered across multiple levels. Total compensation at DFINITY consists of base salary + generous bonus and is determined based on multiple factors including job leveling, areas of expertise, educational background, geographic location and overall experience.In addition to the cash components of our offers, we have generous benefits including top tier medical, dental, and vision insurance; disability insurance; life insurance; 401(k); flexible PTO policy in addition to paid holidays.
              #J-18808-Ljbffr

Keywords: DFINITY, San Francisco , Senior Systems Security Engineer and Vulnerability Researcher, Other , San Francisco, California

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Log In or Create An Account

Forgot password?

Get the latest California jobs by following @recnetCA on Twitter!

San Francisco RSS job feeds