Vulnerability Researcher

STR is hiring a Vulnerability Researcher who has a passion for research and analysis of vulnerabilities in cyber physical systems. Work must be performed onsite.

What you will do:

• Reverse engineering complex software or firmware targets, ranging from typical Windows/Linux binaries to embedded firmware running non-traditional computer architectures and operating systems
• Developing and applying automated reverse engineering and binary analysis tools to characterize protocols, interfaces, and functionality of target systems
• Developing innovative cybersecurity solutions
• Working in multi-discipline teams to tackle challenging problems from a wide variety of technologies to develop innovative cybersecurity solutions
• Performing vulnerability weaponization, exploit development, payload development, and exploit mitigation on a variety of challenging targets
• Developing custom emulation solutions to enable dynamic analysis
• Documenting, demonstrating, and presenting research
• Solving real world problems that have an impact on national security

Who you are:

• This position requires an Active Secret security clearance and the ability to obtain a Top Secret (TS) clearance, for which U.S. citizenship is needed by U.S. Government.
• BS, MS or PhD in Computer Science, Computer Engineering, Cybersecurity or related field (or equivalent work experience)
• 5+ years of relevant professional experience
• Experience with binary analysis of software/firmware
• Experience with disassembly tools, such as IDA Pro, Binary Ninja, or Ghidra
• Proficiency in one or more programming languages: C/C++, Python, etc.
• Proficiency in one or more Assembly Languages: x86, ARM, etc.
• General understanding of reverse engineering fundamentals: memory layout, calling conventions, etc.

Nice to have:

• Active Security Clearance at the Top Secret (TS) level
• Vulnerability research and analysis
• Knowledge of weaponizing discovered vulnerabilities into exploits
• Implant or software patch development
• Familiarity with binary emulation or vulnerability research, including tools such as QEMU or AFL++
• Operating system internals including memory/process/thread management
• Embedded systems or firmware analysis
• Knowledge of anti-reverse engineering techniques
• Analyzing protocols or message structures
• Knowledge of binary file structures and formats
• Developing automated reverse engineering or software analysis tools
• Developing disassembler/decompiler modules
• Debugging software without source code
• Analyzing and reconstructing code/data flow
• Knowledge of intrusion detection and anti-malware systems and techniques