Vulnerability Researcher

Job#: 1357062

Job Description:

Company is currently seeking an experienced Vulnerability Researcher to work in our Columbus, OH location. Do you have a passion for understanding how things work, and ultimately, how they break? Do you enjoy working with discovering vulnerabilities and debugging programs with tools like gdb or QIRA? Does creating automated, scalable, and reverse engineering tools and pipelines excite you? If you answered yes to these questions, this is the job for you! In this role, you will work with disassemblers and debuggers to quickly understand how embedded devices operate. You will use and build vulnerability research tools that push past the edge of current tools and techniques. In a given, day you will research and debug an embedded device while getting the chance to bounce ideas off of a close-knit team of researchers. You will get to write tools that fuzz, concolic ally analyze, or process these devices. We have the tools and the mentors you will need to take yourself to the next level and who are eager to learn from your experience. “From Silicon to Systems” - We are an elite, multi-disciplinary team, bringing together the brightest minds from physics, computer science, electrical engineering, and mathematics to develop unique embedded security solutions for government and industrial customers. Company has been trusted by elite government clients to solve some of the world’s hardest security problems. We work in small agile teams to push the bounds of computing technology. Our high-powered labs include specialized software and hardware, so our engineers have everything they need to invent new Cyber solutions. We encourage new ideas with our large Internal Research and Development (IRAD) program where engineers work on projects they are passionate about. Inventors and innovators are rewarded by our industry-leading IP compensation program. Our group works collaboratively with many parts of Company’s larger organization on projects ranging from genomics to robotics.

 Responsibilities

· Collaborate with the team members to develop software systems that aid in data analytics, network-based applications, reverse engineering tasks, embedded system development, and integration of hardware.

· Identifies and articulates strengths and weaknesses of solutions, conclusions, and problem approaches during technical discussions.

· Demonstrates awareness of deliverables and their role within the project plan. Identifies and executes steps necessary to complete less structured assignments with limited guidance from SMEs.

· Works with internal and external stakeholders to prepare and present technical content tailored to the clients mission. Leads technical discussions, demonstrating command of the technology and adequately fielding questions which arise.

· Contribute to Internal Research and Development (IRAD) studies and may lead small IRAD tasks.

· Seeks out technical experts for collaboration and facilitates technical discussions with lower-level staff.

· Demonstrates understanding of business product offerings and contributes to marketing / business development by providing technical expertise during marketing engagements as well as supporting business development efforts led by others.

· Forms technical approach and generates technical volumes for small proposals with minimal guidance and leads Work Breakdown Structure (WBS) creation and labor estimates.

Key Qualifications

· Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, or related field of study with 5 years of experience; Master’s degree in related field with 2 years of experience; PhD in a related field; or an equivalent combination of education and experience

· Develop software to run in user-mode or kernel-mode

· Ability to code in C or C++

· Ability to use a scripting language (Python, Perl, Ruby, etc.)

· Experience with PC and embedded systems architecture to include boot processes and OS internals

· Experience with a disassembler for vulnerability research (IDA Pro, BinaryNinja, etc.) · Understand network protocols

· Experience with one or more assembly languages (x86, x64, ARM, MIPS, PowerPC, etc.)

· Experience with one or more debuggers (WinDbg, OllyDbg, gdb, etc.)

· Experience with vulnerability research on one or more operating systems: Android, iOS, Windows, Linux, MacOS, VxWorks, QNX, RTOSs, or other custom operating systems

· Ability to demonstrate good organization, communication, problem-solving, and teamwork skills

· Knowledge of common mitigation techniques (DEP, ASLR, etc.)

· Familiarity with fuzzers

· Ability to obtain and maintain a U.S. Government security clearance Preferred Qualifications

· Participation in CTFs

· Ability to analyze assembly-level code on multiple platforms (x86, x64, ARM, MIPS, PowerPC, etc.)

· Experience with symbolic analysis

· Ability to analyze network protocols throughout all layers of the network stack

· Background in software engineering and architecture

· Active Top Secret security clearance

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or 844-463-6178.