Senior Vulnerability Researcher

Systems & Technology Research Arlington , VA 22203

Posted Yesterday

STR is hiring a hardware, software, and firmware Senior Vulnerability Researcher who has a passion for analysis, development, and remediation of cyber physical system vulnerabilities and exploits.

Duties will include but are not limited to:

  • Working in small research teams to reverse engineer and identify vulnerabilities in complex software, firmware, and/or hardware targets
  • Performing vulnerability research (VR), exploit development, and vulnerability mitigation on a variety of challenging targets ranging from Windows/Linux binaries to embedded firmware on non-traditional information systems
  • Working in small research teams to develop innovative cybersecurity solutions
  • Documenting, demonstrating, and presenting research

Requirements

  • US Citizen with the ability to obtain a Security Clearance
  • BS, MS or PhD in Computer Science, Computer Engineering, Cybersecurity or related field (or equivalent)
  • 10+ years of relevant experience
  • Experience performing VR using tools such as IDA, Binary Ninja, or Ghidra
  • Experience performing static/dynamic/symbolic program analysis
  • Vulnerability research and analysis
  • Penetration testing or system hacking
  • Proficiency in one or more programming languages: C/C++, Python, etc.
  • Exploit development

Desired Skills and Experience:

  • Active Security Clearance at the Secret or Top Secret (TS) level
  • Reverse engineering
  • Knowledge of anti-reverse engineering techniques
  • Operating system internals including memory/process/thread management
  • Implant or software patch development
  • Protocol analysis
  • Knowledge of binary file structures and formats
  • Embedded systems or firmware analysis
  • JTAG debugging, firmware flashing or extraction
  • Assembly Languages (x86, ARM, etc.)

Systems & Technology Research (STR) is a rapidly growing technology company with locations north of Boston, MA, Arlington, VA and near Dayton, OH. We specialize in advanced research and development for defense, intelligence, and national security, trying to understand how to protect our society: from stopping malicious botnet attacks, to understanding cyber vulnerabilities, providing next generation sensors, radar, sonar, communications, and electronic warfare to developing artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us.

STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, but you go home at night knowing that you pushed the forefront of technology and made the world a little safer. We recognize that the world is changing, that it is becoming more connected than ever before, making things change faster than before, and reshaping society in the process. We all want to understand this changing world and leave it better for our work.

We're not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe!

STR is fully dedicated to hiring the most qualified candidate regardless of race, color, religion, sex (including gender identity, sexual orientation and pregnancy), marital status, national origin, age, veteran status, disability, genetic information or any other characteristic protected by federal, state or local laws.

If you need a reasonable accommodation for any portion of the employment process, email us at appassist@stresearch.com and provide your name, phone number and email address.

US Citizenship is required for all positions.

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Threat Intelligence Researcher

Threatconnect, Inc.

Posted 1 week ago

VIEW JOBS 10/8/2020 12:00:00 AM 2021-01-06T00:00 <p>Designed by analysts but built for the entire team (security operations, threat intelligence, incident response and security leadership), ThreatConnect’s intelligence-driven security operations platform is the only solution available today with intelligence, automation, analytics, and workflows in a single platform. Centralize your intelligence, establish process consistency, scale operations, and measure your effectiveness in one place. To learn more about our threat intelligence platform (TIP) or security orchestration, automation, and response (SOAR) solutions, visit ThreatConnect.com.<br></p><p><strong>Job Description </strong></p><p>Calling all threat hunters, diamond modelers, and pyramid of pain climbers! The ThreatConnect Research Team is looking for a senior-level researcher with a strong background in threat intelligence analysis, particularly threat actor tracking and signature development. If you have a strong understanding of adversary tactics and techniques, and a stronger desire to use that knowledge in the fight against the adversary, come join us!</p><p>Our team is a group of threat intelligence researchers dedicated to creating actionable intelligence by identifying and exploiting attack patterns related to nation-state, criminal, and ideological cyber threats. While we share that intelligence with others to help them defend against threats, we also focus on developing, capturing, and sharing our tradecraft to help our users develop their own threat intelligence processes. As our new Senior Threat Intelligence Researcher, you will take on the following responsibilities:</p><ul> <li>Hunt for interesting threat activity in our data collection systems</li> <li>Analyze threat actor capabilities and infrastructure</li> <li>Develop tactical and strategic intelligence in ThreatConnect</li> <li>Create, test, and document analytic techniques to make research repeatable</li> <li>Share research findings, tradecraft, and associated signatures and detection analytics within ThreatConnect and beyond (blogs, webinars, conferences)</li> <li>Curate and help prioritize the collected threat data</li> <li>Teach our users about your findings and processes</li> <li>Provide subject matter expertise to other teams to improve ThreatConnect</li> </ul><p><strong>Requirements</strong></p><ul> <li>5+ years of experience in cyber threat intelligence analysis and investigation</li> <li> Strong understanding of threat data enrichment and pivoting as it relates to malware and network infrastructure</li> <li> Strong verbal and written communication skills, with demonstrated works such as research, presentations, blogs, whitepapers, etc.</li> <li> Familiarity with threat intelligence concepts and frameworks (Diamond Model, etc)</li> <li> Familiarity with one or more cyber security data models (ThreatConnect data model, STIX, MISP, etc)</li> <li> Ability to work remotely, both on independent tasks and on highly collaborative team projects</li> <li> Ability to travel occasionally to attend conferences, deliver workshops, and participate in team onsite meetings</li> <li> Bachelor’s degree in a work-related discipline from an accredited college or university. Equivalent experience considered</li> </ul><p><strong>Desired Qualifications:</strong></p><ul> <li>Experience in Incident Response, Security Operations, and/or supporting Computer Emergency Response Teams</li> <li>Experience writing detection signatures such as YARA, Snort, and Sigma</li> <li>Fluency in a foreign language</li> <li>Industry Certifications such as GIAC/SANS or CISSP</li> </ul><p><strong>Benefits</strong></p><ul> <li>10 Paid Federal Holidays </li> <li> Accrued Paid Time Off (PTO) for vacation/sick, time </li> <li> Your birthday off </li> <li> Employee recognition program with quarterly awards </li> <li> Employee referral program </li> <li> Military leave options available </li> <li> Paid Parental leave </li> <li> Paid Bereavement leave </li> <li> Education reimbursement program for job-related college courses and professional training </li> <li> Company-provided refreshments at our headquarters </li> <li> Quarterly events with your geographic team </li> <li> Annual company party </li> </ul><p><strong>Medical:</strong></p><ul> <li> MEDICAL PREMIUM FOR INDIVIDUALS AND FAMILIES ARE 100% COVERED </li> <li> Prescription drug coverage </li> <li> Dental coverage </li> <li> Vision coverage </li> <li> Company-paid short term and long term disability </li> <li> Company-paid insurance and AD&amp;D coverage </li> <li> Pet Insurance </li> </ul><p><strong>Financial:</strong></p><ul> <li> 401K retirement savings plan with company matching program up to 6% </li> <li>Health Savings Account </li> <li>Flexible Spending Accounts (medical, dependent care, transit and parking) </li> <li>Cell phone stipend </li> </ul> Threatconnect, Inc. Arlington VA

Senior Vulnerability Researcher

Systems & Technology Research