Job
Description
About Globals: Globals has drastically grown from a small home office to a globally recognized enterprise offering world-class quality solutions on Cybersecurity, Cyberwarfare, ERP Systems, AI, and Enterprise Application Development for various industries including Defence, Education, Government, Financial Services and Transport Industries. Globals has enabled its customers to be game-changers in their industry through its disruptive and innovative solutions. Globals is certified as a "Great Place to Work" organization for its laudable work culture that helps its team members manage work-life, have dedicated hours to upskill and reskill themselves, and most important to ensure that the projects that they are working on are always unique, challenging their status quo every time. Our unique work culture has made us one of the world’s fastest-growing technology companies as recognized and featured by The Economist. Our excellence in technical stewardship and service-offering expertise has facilitated our clients ranging from individual entrepreneurs to Fortune Global 500 – to explore new business opportunities, reduce their operational costs significantly and boost their revenues. Today, Globals enjoys a strong position in the industry as a high-performing leader through its technology innovation and remarkable domain expertise. Globals is a CMMI Level 3 certified company. About the Job Role: We are seeking a skilled Offensive Security Researcher with hands-on experience in penetration testing, vulnerability research, and exploit development with a focus on Windows systems. The ideal candidate will be responsible for identifying and exploiting security weaknesses across Windows systems, applications, and networks to simulate real-world cyberattacks. This role is critical in strengthening our organization's security posture by providing actionable insights, supporting incident response, and contributing to continuous security improvements. You will work closely with security engineers, blue teams, and development teams to bridge gaps between offense and defense. Responsibilities: Identify and analyze vulnerabilities in Windows OS (e.g., Windows 10/11, Windows Server), kernel components, drivers, and user- mode applications. Research zero-day vulnerabilities and develop PoC exploits to demonstrate impact. Analyze patch diffs and reverse-engineer Windows updates to uncover exploitable conditions. Analyze obfuscated malware samples to understand attack vectors and vulnerabilities. Document vulnerabilities, exploitation techniques, and PoC code in clear, reproducible formats. Contribute to vulnerability databases, advisories, or whitepapers with the vendor and to CERT. Conduct comprehensive penetration tests (VAPT) on web applications, APIs, networks, mobile apps, and cloud environments. Collaborate with blue teams to improve defensive controls based on offensive insights. Continuously research emerging threats, attack techniques (TTPs), and security trends to keep tools and techniques up-to-date. Support incident response teams during active breaches with offensive techniques such as attacker simulation and pivoting. Participate in threat modeling and security architecture reviews from an attacker’s perspective. Requirements Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience. Deep understanding of Windows kernel, memory management, process/thread handling, security and Windows APIs (kernel32.dll, ntdll.dll) Expertise in writing exploits for Windows vulnerabilities, bypassing mitigations like ASLR, DEP, and CFG. Strong skills in C/C++, Python, and Assembly (x86/x64); familiarity with PowerShell. Knowledge of network protocols and raw packet manipulation for exploit delivery (e.g., using raw sockets or PCAP). Familiarity with offensive security tools like Metasploit, Cobalt Strike, or custom exploit frameworks. Proficiency with tools like IDA Pro, Ghidra, WinDbg, OllyDbg, or Radare2 for analyzing Windows binaries/drivers and dynamic analysis tools (Process Monitor, Process Explorer). Strong proficiency with penetration testing tools such as Burp Suite, Metasploit, Cobalt Strike, Nmap, Wireshark, Nessus, and others. Practical experience in exploit development, reverse engineering, or binary analysis is a strong plus. Familiarity with social engineering techniques and phishing campaigns is a plus. Relevant certifications are highly desirable (e.g., OSCP, CEH etc.,). Show more Show less
