Vulnerability Researcher III jobs in United States

BTS · 3 months ago

Vulnerability Researcher III

BTS Software Solutions is a Service Disabled Veteran Owned Small Business focused on transforming ideas into technology to serve people. They are seeking a Vulnerability Researcher III to actively debug software, perform source code analysis, develop proof-of-concept exploits, and lead efforts in vulnerability research and reverse engineering.

Defense & Space
Growth Opportunities
No H1B
Security Clearance Required
U.S. Citizen Only

Responsibilities

Actively debug software and troubleshoot issues with software crashes and programmatic flow
Ability to perform source code analysis in an effort to discover software flaws, and provide/author documentation on the impact and severity of the flaw
Ability to develop proof-of-concept exploits against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results
Provide/author and participate in technical presentations on assigned projects
Lead reverse engineering and vulnerability research
Lead efforts to debug software and troubleshoot issues with software crashes and programmatic flow
Ability to develop robust exploits (advancements beyond initial proof-of-concept such as version coverage, decreased failure rate, handling edge cases, etc.) against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results
Edit/Approve and participate in technical presentations on assigned projects
Subject Matter Expert and Leader of at least one technology area responsible for reverse engineering and vulnerability analysis

Qualification

Vulnerability analysis
Reverse engineering
Programming in C/C++
Assembly programming
Kernel programming
Source code analysis
Exploit development
Technical presentations
Documentation skills
Team leadership
Problem-solving
Communication skills

Required

Active TS/SCI w/ POLY
Experience programming in Assembly, C, C#, C++, Perl, or Python with a focus on an understanding of system interactions with these libraries vs. production-style environments
Use of Unix/Windows system APIs
Understanding of virtual function tables in C++
Heap allocation strategies and protections
Proven results from participation in vulnerability discovery efforts within the last twelve (12) months
Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) across multiple versions of similar technologies
Ability to perform source code analysis in an effort to discover software flaws, and provide/author documentation on the impact and severity of the flaw
Ability to develop proof-of-concept exploits against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results
Lead reverse engineering and vulnerability research
Lead efforts to debug software and troubleshoot issues with software crashes and programmatic flow
Ability to develop robust exploits (advancements beyond initial proof-of-concept such as version coverage, decreased failure rate, handling edge cases, etc.) against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results
Edit/Approve and participate in technical presentations on assigned projects
Subject Matter Expert and Leader of at least one technology area responsible for reverse engineering and vulnerability analysis

Preferred

Experience with very large software projects a plus
Kernel programming experience (WDK / Unix||Linux) a significant plus
Hardware/Software reverse engineering, which often includes the use of tools (e.g., IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application
For Hardware reverse engineering, candidates are expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware (e.g. not interested in FPGA reverse engineering, or other circuit reverse engineering)
Candidates who can merge low-level knowledge about compilation of C/C++ code with a nuanced understanding of system design to identify and exploit common vulnerability patterns
Candidates should be comfortable with, at a minimum, user-mode stack-based buffer overflows, and heap-based exploitation strategies

Benefits

100% Company PAID health benefits
PTO
401K matching and vested from day one of employment

Company

BTS

BTS solves modern security and defense challenges through cutting edge technology and highly-skilled teams.

Funding

Current Stage
Growth Stage

Leadership Team

David Tohn
Chief Executive Officer
Dan Cummings, PE, PMP
Chief Operating Officer
Company data provided by crunchbase