Job Description
Key Responsibilities

- Triage newly disclosed vulnerabilities (CVEs, vendor advisories, security research) to assess real-world exploitability and impact.
- Reproduce and verify publicly reported or vendor-patched vulnerabilities in controlled lab environments to confirm exploitability and characterize attacker preconditions.
- Perform patch diffing and root-cause analysis to understand how a vulnerability works and how it's likely to be exploited in practice.
- Document findings in structured, standardised formats for ingestion into the threat intelligence portal (technical writeups, exploitation timelines, affected versions, indicators).
- Develop detection artefacts (e.g. signatures, indicators of compromise) alongside PoC verification work, where relevant.
- Track and correlate vulnerability disclosures against real-world exploitation evidence and threat actor activity.
- Contribute technical research to the company's blog posts, advisories and reports that build STAR Labs SG's reputation in the vulnerability intelligence space.
- Operate within a clear responsible disclosure and data-handling framework. All work is documented, defensively purposed, and consistent with coordinated vulnerability disclosure norms.

Requirements

- Strong background in vulnerability research, reverse engineering, or exploit analysis (CTF experience, CVEs, bug bounty history, or equivalent portfolio).
- Solid understanding of common vulnerability classes (memory corruption, injection, auth bypass, deserialization, etc.) across at least one major platform (web, Windows, Linux, or embedded).
- Experience with reverse engineering and debugging tools (e.g. Ghidra, IDA Pro, WinDbg, gdb).
- Ability to write clear, structured technical analysis for both technical and non-technical audiences.
- Comfortable working with a defined, documented research and disclosure process rather than ad hoc offensive tooling development.
- Experience with patch diffing tools and techniques.
- Familiarity with threat intelligence concepts