As a Security Engineer - Fuzzing Specialist, you will own and evolve our coverage-guided fuzzing program. Your mission is to uncover hard-to-reach security flaws before attackers do, drive fixes to closure, and help product teams to embrace dynamic testing like fuzzing. You'll scout for new attack surfaces, craft high-performance fuzzing harnesses, and design custom sanitisers that push the state of the art. Success means measurable coverage gains, actionable crash reports, and products that ship with provable resilience.
Responsibilities
* Map & prioritise fuzzing surfaces across services, libraries, APIs, and protocols; maintain a living risk-based roadmap.
* Design, build, and extend fuzzing harnesses (libFuzzer, AFL++, Honggfuzz, etc.) that improve code-path exploration and minimise false positives.
* Continuously improve coverage by growing seed corpus, deploying targeted mutation strategies, and integrating new instrumentation techniques.
* Automate crash triage & root-cause analysis; distinguish exploitable vulnerabilities from benign faults and drive CVE-level findings to remediation.
* Develop custom sanitisers to expose classes of bugs traditional fuzzing misses.
* Validate fixes & guard against regressions through differential fuzzing and regression corpora.
* Assess external disclosures (bug bounties, supply-chain advisories) to determine fuzzing detectability and refine harnesses when gaps are found.
* Document, report, and share insights - from coverage metrics to post-mortems to create data-driven security.
Qualifications
* 1+ years in application or product security with a deep focus on coverage-guided fuzzing.
* Hands‑on expertise with at least one modern fuzzing framework (e.g., libFuzzer, AFL++, Honggfuzz).
* Proficient in C/C++ plus strong scripting ability in Python for automation.
* Solid understanding of memory‑safety vulnerabilities, undefined behaviour, sanitisers, and compiler instrumentation.
* Demonstrated ability to triage crashes using debuggers, profilers, and reverse‑engineering tools (gdb/lldb, IDA/Ghidra).
* Excellent written communication for documenting findings and influencing engineering teams.
Nice To Have
* Contributions to open‑source fuzzing tools, sanitisers, or security research publications.
* Knowledge of distributed fuzzing at scale (GCP/AWS, Kubernetes, or bare‑metal clusters).
* Familiarity with kernel, embedded, or firmware fuzzing (e.g., Syzkaller, QEMU‑based harnesses).
* Background in reverse engineering, static analysis or symbolic execution.
* Experience integrating fuzzing into CI/CD pipelines and tracking coverage metrics.
If you're passionate about breaking software safely, love high‑coverage charts, and want to make a measurable dent in product security, we'd love to hear from you!
#J-18808-Ljbffr