Draper · 2 weeks ago
Senior Embedded Vulnerability Researcher
Reston, VA
Full-time
Onsite
Mid, Senior Level
$82K/yr - $206K/yr
5+ years expDraper is an independent, nonprofit research and development company headquartered in Cambridge, MA, focusing on national challenges. The Senior Embedded Vulnerability Researcher will develop tailored solutions for DoD and IC Sponsor directives, assess hardware and software for vulnerabilities, and mentor less experienced engineers.
Defense & Space
No H1B
Security Clearance RequiredU.S. Citizen Only
Responsibilities
Assess hardware and software for security vulnerabilities using a breadth of technologies and techniques
Develop software that meets behavior and security requirements for tailored applications
Integrate software capabilities with other tasks or groups to improve performance or behavior requirements
Create new tools and systems to detect and exploit vulnerabilities and system weaknesses
Document nominal application and system functionality, in addition to implemented changes
Drive solutions to complex problems with limited direction – contribute to requirements development, propose ways forward, and adapt appropriately to changes in requirements
Provides insight and suggest design modifications based on analysis outcomes, and to apply analysis techniques across a range of technical disciplines
Identifies program/system-level technical risks and develop and execute mitigation strategies
Actively mentor less experienced engineers and provide thoughtful, constructive feedback
Performs other related duties as assigned
Qualification
Required
Requires a bachelor's in computer science, computer engineering, or related field
5-10 years experience in Cybersecurity or related field is required
Proficiency with modern program analysis methodologies and techniques
Reverse-engineering assessment techniques for firmware or embedded systems
Familiarity with binary file and filesystem structures and formats
Hands-on proficiency with reverse engineering tooling such as: Ghidra, IDA, GDB, RR
Hands-on proficiency with physical instrumentation or hardware modification, soldering
Experience with JTAG/SWD/BDM, and eMMC/NAND/SPI flash data extraction
Exploitation techniques for embedded devices across platforms and architectures
Familiarity of network stack and internals
Familiarity of operating system internals throughout user mode, kernel mode, and during boot processes for at least one of the following: GNU/Linux, RTOS
Familiarity with architectures and assembly: x86, ARM, Hexagon, PowerPC
Proficiency with programming languages such as: C, C++, Python, Java
Familiarity with scripting languages such as: Bash, Powershell
Familiarity in development environments for GNU/Linux or Windows
Successful history in authoring of technical proposals and documents
Leadership in advanced R&D initiatives, including government-funded projects
Leadership of critical programs with more than two full time staff members
Proficient in teamwork and communication with diverse audiences
Applicants selected for this position must be required to obtain and maintain a government TS/SCI security clearance
Preferred
Experience with side channel attacks (glitching) to place components and/or devices into altered states to bypass protections
Familiarity with custom filesystem extraction and modification, removal and/or regeneration of OOB/CRC data
Familiarity with bus and protocol analysis
Benefits
Workplace flexibility
Employee clubs ranging from photography to yoga
Health and finance workshops
Off site social events
Discounts to local museums and cultural activities
Company
Draper
We Engineer Solutions for the Nation’s Toughest Problems As an independent nonprofit engineering innovation company, Draper provides engineering services directly to government, industry, and academia.
1001-5000 employees
Funding
Current Stage
Late StageLeadership Team
Jerry Wohletz
President and Chief Executive Officer
Brenan McCarragher
Chief Technology Officer
Recent News
Business Journals
2024-03-28
2024-02-28
Company data provided by crunchbase