Sr. Cyber Vulnerability Researcher

RAYTHEON COI

We take our work and our fun seriously. We refuse any work that isn’t hard and engaging. We make sure our engineers have the tools they need to do their jobs, and focus on recognizing results. Surfboards, pirate flags, and DEFCON black badges decorate our offices, and our Nerf collection dwarfs that of most toy stores. Our research and development projects cover the spectrum of security technologies for Computer Network Operations. If it runs code, somebody in our office has looked at it.

Key areas of focus include: 

• Reverse Engineering
• Vulnerability Research
• Wireless and Network Communications
• Hypervisors
• Malware
• Mobile/Embedded Development
• Win32/Linux Kernel development
• Constraint Solving
• Exploit mitigation techniques

Basically, if it’s in the CNO realm, we’re doing something cool with it.

Information security continues to be a growth industry and we are constantly looking to find the right candidates who can do this challenging work.

Requirements:

• Familiarity with at least one common low-level architecture (x86, ARM, etc) is important, as is the ability to conduct vulnerability research against applications compiled for that architecture.
• Experience with software protection and binary armoring is a plus, and familiarity with modern exploit mitigation techniques and counter-measures is a must.

Development experience is desired, but at least some scripting experience is required. Whether in python, ruby, or some other language, you should be capable of quickly developing the tools needed to help you succeed in your reverse engineering and vulnerability research efforts. The strongest candidates will have a variety of low-level operating systems experience as well as cross-platform vulnerability research. If you've written everything from a kernel paged pool exploit to a simple userland stack-based buffer overflow, built your own dynamic instrumentation and integrated a solver to help you identify and reach code, or modified emulators and JIT engines to add your own instrumentation to help you identify entire classes of vulnerabilities, you'll be right at home.

Candidates must be able to play both sides of the fence, both defeating and developing new and advanced security techniques. Projects will be undertaken in small teams with close coordination with customers to quickly enhance capabilities or resolve issues in existing tools.

As the majority of our customers are government agencies, all candidates must meet the minimum qualifications for access to classified information. U.S. citizenship is required. Must have a minimum SECRET Clearance. All candidates must be able to obtain and maintain a government security clearance.

Working as part of a team you will also need to be familiar with source management tools such as GIT and subversion.

Education:
Degrees are not required for our positions, but they can be helpful. Certifications are neither helpful nor required.