Leading the future in luxury electric and mobility
At Lucid, we set out to introduce the most captivating, luxury electric vehicles that elevate the human experience and transcend the perceived limitations of space, performance, and intelligence. Vehicles that are intuitive, liberating, and designed for the future of mobility.
We plan to lead in this new era of luxury electric by returning to the fundamentals of great design – where every decision we make is in service of the individual and environment. Because when you are no longer bound by convention, you are free to define your own experience.
Come work alongside some of the most accomplished minds in the industry. Beyond providing competitive salaries, we’re providing a community for innovators who want to make an immediate and significant impact. If you are driven to create a better, more sustainable future, then this is the right place for you.
We are seeking an experienced Senior Vulnerability Researcher to join our team and take a leading role in advancing our organization's security posture. In this position, you will apply your extensive expertise in vulnerability research, exploit development, and security analysis to identify and address software vulnerabilities.
Your responsibilities will include leading advanced vulnerability research efforts, developing complex proof-of-concept exploits, and providing mentorship to junior team members. Additionally, you will play a crucial role in automating tasks related to reverse engineering and vulnerability research. To excel in this role, you should have a strong background in disassemblers, fuzzing techniques, ARM assembly languages, symbolic execution, and debugging tools. Proficiency in using Qemu and a proven ability to analyze crash reports are also essential qualifications.
If you have a passion for cybersecurity and want to make a significant impact in enhancing security measures, we encourage you to apply
*This is an Onsite opportunity at our HQ office in Newark, CA**
- Advanced Vulnerability Research: Lead and perform advanced vulnerability research on software systems, utilizing both static and dynamic analysis methods.
- Exploit Development: Develop complex proof-of-concept exploits for identified vulnerabilities to demonstrate their potential impact.
- Documentation and Reporting: Document all research findings, including the identification and exploitation of vulnerabilities. Prepare detailed reports and presentations for team members and customers.
- Sophisticated Exploitation Techniques: Utilize advanced software and hardware exploitation methods to gain access to protected information, systems, or devices.
- Automation Leadership: Drive the development of advanced tools and techniques to automate tasks that traditionally require extensive manual reverse engineering efforts, vulnerability research, and binary fingerprinting.
- Mentorship and Technical Leadership: Provide mentorship, guidance, and technical leadership to junior team members. Be available to unblock any issues they may face during their work.
- Deep Reverse Engineering: Lead in-depth reverse engineering efforts on complex software applications running on Linux, Android, or Real-Time Operating Systems (RTOS).
- Advanced Application Assessment and Debugging: Utilize advanced application assessment and debugging tools, such as Frida, GDB debugger, and others, for in-depth analysis and assessment of software for vulnerabilities.
- Expertise in Emulation or Simulation Engines: Leverage deep expertise in working with emulation or simulation engines like Qemu, Qiling, Qdb, Unicorn, Capstone, etc., for highly advanced analysis and research.
- C or C++ Development: Utilize your advanced C or C++ programming skills to work with embedded software systems.
- Bachelor’s degree in computer science, computer engineer
- 5+ years of related experience
- Extensive experience working with disassemblers such as IDA Pro, Binary Ninja, radare2, or Ghidra.
- Proficiency in advanced fuzzing concepts, including Coverage-guided, Fuzzing Workflow, and Crash Analysis.
- Mastery of fuzzing tools such as LibFuzzer, AFL++, or Honggfuzz.
- In-depth understanding of ARM assembly languages.
- Proficiency in advanced testing techniques such as Symbolic Execution, Concolic Execution, or Differential Fuzzing.
- Comprehensive experience using Qemu.
- Proven expertise in analyzing crash reports for debugging or identifying vulnerabilities.
- Master’s degree in computer science, computer engineer
- 3 years related experience.
- Familiarity with tools like Qiling, QBDI, Unicorn, Capstone
The compensation range for this position is specific to the locations listed below and is the range Lucid reasonably and in good faith expects to pay for the position taking into account the wide variety of factors that are considered in making compensation decisions, including job-related knowledge; skillset; experience, education and training; certifications; and other relevant business and organizational factors.
- California (Bay Area) - $127,000 - $165,000 per year
Additional Compensation and Benefits:
Lucid offers a wide range of competitive benefits, including medical, dental, vision, life insurance, disability insurance, vacation, and 401k. The successful candidate may also be eligible to participate in Lucid’s equity program and/or a discretionary annual incentive program, subject to the rules governing such programs. (Cash or equity incentive awards, if any, will depend on various factors, including, without limitation, individual and company performance.)
Lucid maintains your privacy according to its Candidate Privacy Notice. If you are a California resident, please refer to our California Candidate Privacy Notice.
At Lucid, we don’t just welcome diversity - we celebrate it! Lucid Motors is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, national or ethnic origin, age, religion, disability, sexual orientation, gender, gender identity and expression, marital status, and any other characteristic protected under applicable State or Federal laws and regulations.
To all recruitment agencies: Lucid Motors does not accept agency resumes. Please do not forward resumes to our careers alias or other Lucid Motors employees. Lucid Motors is not responsible for any fees related to unsolicited resumes.