Vulnerability Researcher
To Apply for this Job Click Here
Our client is seeking a Vulnerability Researcher to work in the Columbus, OH location.
Do you have a passion for understanding how things work, and ultimately, how they break? Do you enjoy working with discovering vulnerabilities and debugging programs with tools like gdb or QIRA? Does creating automated, scalable and reverse engineering tools and pipelines excite you? If you answered yes to these questions, this is the job for you!
Responsibilities:
- Collaborate with the team members to develop software systems that aid in data analytics, network-based applications, reverse engineering tasks, embedded system development, and integration of hardware.
- Identifies and articulates strengths and weaknesses of solutions, conclusions, and problem approaches during technical discussions.
- Demonstrates awareness of deliverables and their role within the project plan. Identifies and executes steps necessary to complete less structured assignments with limited guidance from SMEs.
- Works with internal and external stakeholders to prepare and present technical content tailored to the client’s mission. Leads technical discussions, demonstrating command of the technology and adequately fielding questions which arise.
- Contribute to Internal Research and Development (IRAD) studies and may lead small IRAD tasks.
- Seeks out technical experts for collaboration and facilitates technical discussions with lower-level staff.
- Demonstrates understanding of business product offerings and contributes to marketing / business development by providing technical expertise during marketing engagements as well as supporting business development efforts led by others.
- Forms technical approach and generates technical volumes for small proposals with minimal guidance and leads Work Breakdown Structure (WBS) creation and labor estimates.
- Work with disassemblers and debuggers to quickly understand how embedded devices operate.
- You will use and build tools that push past the edge of current tools and techniques.
- In a given day you will research and debug an embedded device while getting the chance to bounce ideas off of a close-knit team of researchers. We have the tools and the mentors you will need to take yourself to the next level and who are eager to learn from your experience.
Key Qualifications:
- Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, or related field of study with 5 years of experience; Master’s degree in related field with 2 years of experience; PhD in a related field; or an equivalent combination of education and experience
- Develop software to run in user-mode or kernel-mode
- Ability to code in C or C++
- Ability to use a scripting language (Python, Perl, Ruby, etc.)
- Experience with PC and embedded systems architecture to include boot processes and OS internals
- Experience with a disassembler for vulnerability research (IDA Pro, BinaryNinja, etc.)
- Understand network protocols
- Experience with one or more assembly languages (x86, x64, ARM, MIPS, PowerPC, etc.)
- Experience with one or more debuggers (WinDbg, OllyDbg, gdb, etc.)
- Experience with vulnerability research on one or more operating systems: Android, iOS, Windows, Linux, MacOS, VxWorks, QNX, RTOSs, or other custom operating systems
- Ability to demonstrate good organization, communication, problem-solving, and teamwork skills
- Knowledge of common mitigation techniques (DEP, ASLR, etc.)
- Familiarity with fuzzers
- Active Secret security clearance
- Must be a sole US citizen
Preferred Qualifications:
- Participation in CTFs
- Ability to analyze assembly-level code on multiple platforms (x86, x64, ARM, MIPS, PowerPC, etc.)
- Experience with symbolic analysis
- Ability to analyze network protocols throughout all layers of the network stack
- Background in software engineering and architecture
- Active Top Secret security clearance
SOME OF THE EXTRAS THAT MAKE WORKING HERE GREAT
- Learn (tuition assistance, paid training) and teach (get published, speak at a conference)
- Software and Intellectual Property development royalty sharing
- Mentorship and learning culture
- Internally funded and guided research projects with large amounts of individual autonomy