Vulnerability Researcher

Analysis, Android, Architecture, Development, Encryption, HTTP, iOS, Materials, PHP, Programming, Protocol, Protocols, Python, Research, Security, Source Code, Windows, XML
Full Time
Telecommuting not available Travel not required

Job Description

Reverse Engineer

 

 

Job ID TBD

 

 

Reverse Engineer

 

 

Opportunity

 

 

Do you like new challenges every day? Do you thrive in dynamic real-time situations? We're looking for smart creative problem solvers to work with our customers in an operational environment creating software tools that meet critical national security needs and make the world a safer place. We need reverse engineers who can analyze a variety of binary software products, environments and programming languages/frameworks/platforms (Windows, MAC OS, iOS, Android) You will be an integral member of a highly-skilled and dynamic team that developing state of the art full spectrum cyber capabilities. Responsibilities include analyzing and deconstructing software applications and protocols, identifying potential attack vectors of all types on all platforms, triage, categorization, and analysis of discovered vulnerabilities and development of proof of concept (PoC) code. At Employer, we specialize in solving complex problems on a daily basis. We have a roster including some of the best and the brightest in the industry, and we provide a great place to grow your career.

 

 

Qualifications

 

 

Required Qualifications:

 

 

5 years overall engineering experience with 2 yrs of Vulnerability research and/or Reverse engineering.

 

 

U.S. citizenship is required.

 

 

Active Top Secret Security Clearance with SCI eligibility

 

 

Desired Experience :

 

 

Software reverse engineering - Experience using IDA Pro to determine how an application works and processes data. This could include x86, ARM, ARM64 etc.

 

Experience identifying zero days including memory corruption bugs for example stack overflows, heap overflows, integer overflows, logical flaws.

 

Experience with mitigation techniques (ASLR, Stack cookies, non-executable memory).

 

File format reverse engineering - Experience determining how files are structured, understanding the standard methods for encoding data from Base64 to ASN1.

 

Encryption - A good understand of how symmetrical and asymmetrical encryption works, certificate chain of trust, crypto weaknesses etc.

 

Protocol Analysis - Knowledge of how IP/Serial based protocols work and how to reverse their format including checksums, MACs, encoding formats, HTTP, XML etc.

 

Fuzzing - Experience of writing and running fuzzers, understanding of the differences between dumb and more intelligent fuzzers, and how reverse engineering feeds the process.

 

Coding - The ability to quickly write programs to accomplish point solutions in languages like Python, C, C++, C#, PHP.

 

Code Review - The ability to review source code to identify bugs and vulnerabilities.

 

Operating Systems Architecture - Knowledge of how operating systems work from "user land" code right through to the kernel.

 

 

Applicants selected for employment will be subject to a Federal background investigation and must meet additional eligibility requirements for access to classified information or materials.

 

 

 

 

Department: Cybersecurity
Dice Id : 10120548
Position Id : 3625_15505837
Have a Job? Post it