Careers at Binarly

Security Researcher

About Binarly

At Binarly, we go deep into firmware, binary code, and the parts of the software supply chain that are hardest to inspect. We find what others miss, disclose it responsibly, and build the tools that make the invisible visible.


We are a team of researchers, engineers, and builders who care deeply about the work. Our discoveries, including LogoFAIL and PKfail, have made global headlines. Beyond the headline findings, we drive the field forward through hundreds of published advisories (https://www.binarly.io/advisories), in-depth research blogs (https://www.binarly.io/blog), and open source tools (https://www.binarly.io/tools). Our platform is trusted by some of the biggest and most security-conscious organizations on the planet.


The problems we work on are hard, and that's the appeal. We move fast, dig deep, and care about getting things right. If you want to do genuinely interesting work, alongside people who are excellent at what they do, on problems that matter, you'll fit in well here.


We offer competitive compensation, flexible schedules, the ability to work remotely, and a culture built on transparency, trust, and a genuine passion for our craft. Our team is small, our impact is outsized, and we are always looking for people who want to be part of something that matters.


If that sounds like you, we'd love to meet you.

Description

In this role, you will conduct vulnerability research on complex systems. This will involve analysing and reverse-engineering compiled binaries and firmware images to map attack surfaces and uncover security flaws across a wide range of targets.


You'll design and build program analysis pipelines and checkers that surface these flaws systematically, develop tooling and automation that turn research into platform capabilities operating at scale.


Taking ownership is important for the role. You will independently scope and execute research projects, from the initial hypothesis to the development of usable product capabilities. You will work with minimal oversight in an environment that rewards deep technical expertise and original thinking.

Minimum qualifications

  • Proven experience in vulnerability research or offensive security
  • Solid understanding of common vulnerability classes (e.g. memory corruption, logic flaws, race conditions) and low-level system behaviour
  • Proficiency with at least one reverse engineering tool (IDA, Ghidra, Binary Ninja or similar)
  • Ability to work autonomously and take ownership of research projects
  • Fluent reading and writing code across several languages, including Rust, C, C++ and Python

Nice to have

  • Deep expertise in at least one of the following areas, ideally with a broad knowledge spanning several:
    • Program analysis (e.g. building custom analysis frameworks, engines, or tooling)
    • Development of fuzzers, analysis pipelines, or automated vulnerability discovery systems
    • Extending reverse engineering platforms through plugins or custom tooling
    • Low-level systems knowledge (e.g. firmware, bootloaders, operating systems, runtime internals)
    • Vulnerability research of UEFI firmware, POSIX-based firmware (BMC, routers, etc), RTOS
    • Use AI/ML tools to enhance your security research workflow or develop autonomous capabilities
  • Experience translating research findings into practical tools or capabilities
  • Track record of independent research, publications, or high-impact vulnerability discoveries

Compensation & Location

We hire globally. While this role may appear as US-based on some platforms, we welcome applicants from anywhere and work with international candidates through appropriate contracting arrangements. Compensation is tailored to each candidate's experience and location.


Benefits and perks (equipment allowance, training budget, health coverage, etc.) vary by employment type and location. We'll walk through what applies to you and finalize the specifics together during the offer conversation.

Research & Development

Remote (Remote-Worldwide, US)

Teilen auf:

NutzungsbedingungenDatenschutzCookiesPowered by Rippling