Apply on Employer Site

Research Innovations Incorporated · 10 hours ago

Senior Vulnerability Researcher (Cyber254)

San Antonio, TX

Full-time

Onsite

Senior Level

Research Innovations, Inc. (RII) is a company focused on developing transformative technology for government and military applications. They are seeking a dedicated Vulnerability Researcher to join their Cyber Security team, where the role involves conducting vulnerability analysis and reverse engineering to solve complex security challenges for defense and homeland security clients.

Artificial Intelligence (AI)Big DataCloud ComputingCyber SecurityInformation ServicesInformation TechnologyMachine Learning

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Conducting in-depth reverse engineering and vulnerability analysis across various architectures and platforms, including x86/64, ARM, PowerPC, and more

Researching and analyzing operating system and application internals, identifying and understanding security strengths and weaknesses of those systems

Developing and enhancing functionality by adding features and capabilities to undocumented interfaces

Modeling and analyzing in-memory compiled application behavior to identify potential vulnerabilities and improve security measures

Developing and understanding mobile/embedded systems and kernel modules, particularly related to vulnerability research

Participating actively in our extensive Vulnerability Research mentorship program, sharing knowledge and collaborating with colleagues

Qualification

Vulnerability researchReverse engineeringExploit mitigationsOperating system internalsWireless networkingProgramming PythonProgramming CLow-level architecturesMalware analysisAgile methodologiesMachine learningCommunication skills

Required

Active US Top Secret security clearance, and the ability to upgrade to TS/SCI Special Access Program access

Proficient understanding of wireless networking and associated security protocols, such as Wi-Fi

Strong grasp of legacy exploit mitigations and bypass techniques, including but not limited to Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP/NX), Stack Cookies (Canaries), and Control Flow Integrity (CFI). Experience in identifying and circumventing these security measures

In-depth knowledge of both security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.). Understanding the security implications and potential vulnerabilities associated with these concepts

Programming experience with both scripted languages (preferably Python3) and compiled languages (preferably C). Ability to write efficient and secure code for vulnerability research and exploit development purposes

Familiarity with low-level architectures such as x86, ARM, or MIPS. Understanding the underlying principles, instruction sets, and memory models of these architectures for vulnerability identification and analysis

Experience with operating system internals and implementations, including Windows, Linux, or macOS. Knowledge of system structures, process management, memory management, and security mechanisms at the kernel level

Excellent oral, written, and interpersonal communication skills, with the ability to effectively convey complex technical concepts and interact with customers and team members alike

Preferred

Experience with vulnerability research and reverse engineering of real-time operating systems (RTOS), such as FreeRTOS, QNX, or VxWorks. Understanding the unique security challenges and attack vectors specific to RTOS environments

Bachelor's or postgraduate degree in Computer Science, Computer Engineering, or a related field

Experience with software protection and binary armoring techniques, such as anti-debugging, code obfuscation, or tamper resistance. Understanding the methods employed to protect software from reverse engineering and vulnerability discovery

Proficiency in agile development methodologies, including Scrum or Kanban, for efficient collaboration and iterative development in a cybersecurity context

Familiarity with low-level iOS/Android development and associated security considerations, such as jailbreaking or rooting, application sandboxing, or secure interprocess communication (IPC)

Knowledge of hypervisors and their security implications, including virtualization-based security, guest escape vulnerabilities, or hypervisor-based rootkits

Proficiency in malware analysis, including static and dynamic analysis techniques, behavioral analysis, and code deobfuscation. Experience in identifying and analyzing malware samples to understand their capabilities and potential vulnerabilities

Experience with constraint solving techniques, such as symbolic execution, theorem proving, or model checking, for vulnerability identification, verification, and exploit generation

Background in machine learning, particularly in the context of vulnerability analysis and detection, such as using ML techniques to identify patterns in code or analyze network traffic for anomaly detection