Senior Software Engineer, cybersecurity Experience Required
The Vulnerability Researcher provides engineering and vulnerability research results related to hardware components, software applications, and operating systems to determine functionality, code structure, and system design for use in the discovery of initial access capabilities.
TS/SCI with a Full Scope Poly Required Desired Skills Experience programming in Assembly, C, C#, C++, Perl, or Python with a focus on an understanding of system interactions with these libraries vs.
production-style environments Use of Unix/Windows system API&039;s Understanding of virtual function tables in C+
Heap allocation strategies and protections Experience with very large software projects a plus Kernel programming experience (WDK / Unix Linux) a significant plus Hardware/Software reverse engineering, which often includes the use of tools (eg, IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application.
For Hardware reverse engineering, candidates expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware (eg not interested in FPGA reverse engineering, or other circuit reverse engineering).
Candidates who can merge low-level knowledge about compilation of C/C+
code with a nuanced understanding of system design to identify and exploit common vulnerability patterns.
Candidates should be comfortable with, at a minimum, user-mode stack-based buffer overflows, and heap-based exploitation strategies.
The Level 3 Vulnerability Researcher shall possess the following capabilities:
Lead efforts to debug software and troubleshoot issues with software crashes and programmatic flow Ability to perform source code analysis in an effort to discover software flaws, and provide/author documentation on the impact and severity of the flaw Ability to develop robust exploits (advancements beyond initial proof-of-concept such as version coverage, decreased failure rate, handling edge cases, etc.
) against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results Edit/Approve and participate in technical presentations on assigned projects Subject Matter Expert and Leader of at least one technology area responsible for reverse engineering and vulnerability analysis of hardware components, software applications, and operating systems to determine functionality, code structure, and circuit design for the use in the discovery of initial access capabilities
Qualifications:
Meets all qualifications of a CNO Vulnerability Researcher/Analyst II, but has the following increased experience and skill levels Proven results from participation in vulnerability discovery efforts within the last twelve (12) months Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) across multiple versions of similar technologies.
Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) that ultimately achieve reliable remote code execution and/or reliable privilege escalation.
Benefits:
Complete Insurance Coverage - Blue Cross Medical, Delta Dental, Vision, Life 401k with Company Contribute Generous Paid Time Off.
Estimated Salary: $20 to $28 per hour based on qualifications.
TS/SCI with a Full Scope Poly Required Desired Skills Experience programming in Assembly, C, C#, C++, Perl, or Python with a focus on an understanding of system interactions with these libraries vs.
production-style environments Use of Unix/Windows system API&039;s Understanding of virtual function tables in C+
Heap allocation strategies and protections Experience with very large software projects a plus Kernel programming experience (WDK / Unix Linux) a significant plus Hardware/Software reverse engineering, which often includes the use of tools (eg, IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application.
For Hardware reverse engineering, candidates expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware (eg not interested in FPGA reverse engineering, or other circuit reverse engineering).
Candidates who can merge low-level knowledge about compilation of C/C+
code with a nuanced understanding of system design to identify and exploit common vulnerability patterns.
Candidates should be comfortable with, at a minimum, user-mode stack-based buffer overflows, and heap-based exploitation strategies.
The Level 3 Vulnerability Researcher shall possess the following capabilities:
Lead efforts to debug software and troubleshoot issues with software crashes and programmatic flow Ability to perform source code analysis in an effort to discover software flaws, and provide/author documentation on the impact and severity of the flaw Ability to develop robust exploits (advancements beyond initial proof-of-concept such as version coverage, decreased failure rate, handling edge cases, etc.
) against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results Edit/Approve and participate in technical presentations on assigned projects Subject Matter Expert and Leader of at least one technology area responsible for reverse engineering and vulnerability analysis of hardware components, software applications, and operating systems to determine functionality, code structure, and circuit design for the use in the discovery of initial access capabilities
Qualifications:
Meets all qualifications of a CNO Vulnerability Researcher/Analyst II, but has the following increased experience and skill levels Proven results from participation in vulnerability discovery efforts within the last twelve (12) months Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) across multiple versions of similar technologies.
Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) that ultimately achieve reliable remote code execution and/or reliable privilege escalation.
Benefits:
Complete Insurance Coverage - Blue Cross Medical, Delta Dental, Vision, Life 401k with Company Contribute Generous Paid Time Off.
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
