Senior Vulnerability Researcher

Posted:
10/25/2024, 5:17:10 AM

Location(s):
Arlington, Virginia, United States ⋅ Virginia, United States

Experience Level(s):
Senior

Field(s):
IT & Security ⋅ Software Engineering

Workplace Type:
On-site

STR is hiring a Senior Vulnerability Researcher who has a passion for research and analysis of vulnerabilities in cyber physical systems. Work must be performed onsite

What you'll do:

  • Reverse engineering complex software or firmware targets, ranging from typical Windows/Linux binaries to embedded firmware running non-traditional computer architectures and operating systems
  • Developing and applying automated reverse engineering and binary analysis tools to characterize protocols, interfaces, and functionality of target systems
  • Developing innovative cybersecurity solutions
  • Working in multi-discipline teams to tackle challenging problems from a wide variety of technologies to develop innovative cybersecurity solutions
  • Performing vulnerability weaponization, exploit development, payload development, and exploit mitigation on a variety of challenging targets
  • Developing custom emulation solutions to enable dynamic analysis
  • Documenting, demonstrating, and presenting research
  • Solving real world problems that have an impact on national security

Who you are:

  • This position requires an Active Top Secret (TS) security clearance, for which U.S. citizenship is needed by the U.S. Government
  • BS, MS or PhD in Computer Science, Computer Engineering, Cybersecurity or related field (or equivalent work experience)
  • 5+ years of relevant professional experience
  • Experience with binary analysis of software/firmware
  • Experience with disassembly tools, such as IDA Pro, Binary Ninja, or Ghidra
  • Experience with DSP architectures, such as Texas Instruments, STMicroelectronics, NXP, or Analog Devices.
  • Proficiency in one or more programming languages: C/C++, Python, etc.
  • Proficiency in one or more Assembly Languages: x86, ARM, etc.
  • General understanding of reverse engineering fundamentals: memory layout, calling conventions, etc.

Nice to haves:

  • Vulnerability research and analysis
  • Knowledge of weaponizing discovered vulnerabilities into exploits
  • Implant or software patch development
  • Familiarity with binary emulation or vulnerability research, including tools such as QEMU or AFL++
  • Operating system internals including memory/process/thread management
  • Embedded systems or firmware analysis
  • Knowledge of anti-reverse engineering techniques
  • Analyzing protocols or message structures
  • Knowledge of binary file structures and formats
  • Developing automated reverse engineering or software analysis tools
  • Developing disassembler/decompiler modules
  • Debugging software without source code
  • Analyzing and reconstructing code/data flow
  • Knowledge of intrusion detection and anti-malware systems and techniques

STR is a growing technology company with locations near Boston, MA, Arlington, VA, near Dayton, OH, Melbourne, FL, and Carlsbad, CA. We specialize in advanced research and development for defense, intelligence, and national security in: cyber; next generation sensors, radar, sonar, communications, and electronic warfare; and artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us.

STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, and we go home at night knowing that we pushed the envelope of technology and made the world safer.

STR is not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe! Visit us at www.str.us for more info.


STR is an equal opportunity employer. We are fully dedicated to hiring the most qualified candidate regardless of race, color, religion, sex (including gender identity, sexual orientation and pregnancy), marital status, national origin, age, veteran status, disability, genetic information or any other characteristic protected by federal, state or local laws.

If you need a reasonable accommodation for any portion of the employment process, email us at [email protected] and provide your contact info.

Pursuant to applicable federal law and regulations, positions at STR require employees to obtain national security clearances and satisfy the requirements for compliance with export control and other applicable laws.