[Close] 

Vulnerability Researcher / Reverse Engineer

Company Name:
BAE Systems
To provide software reverse engineering and vulnerability expertise as part of an international research team based in Northern Virginia. This role is focused on exploitation of embedded devices within a team of developers, reverse engineers and exploitation specialists. An Extreme Agile process is used for finding vulnerabilities.
The candidate will need to have experience of binary reverse engineering and software exploit discovery and exploitation.
The ideal candidate will have 5+ years in IT security and 2+ years in VR/RE.
Required Skills and Education
Required education: Bachelor Degree or four additional years of experience in lieu of a degree. Experience hacking applications and operating systems is more important than degree.
Software reverse engineering - Experience using IDA Pro to determine how an application works and processes
data. This could include x86, ARM, ARM64 etc. IDA Python experience.
Exploitation - Experience identifying and exploiting zero days including memory corruption bugs for example stack overflows, heap overflows, integer overflows, logical flaws. Experience with mitigation (ASLR, Stack cookies, non-executable memory) to deter exploitation and how can they be bypassed.
File format reverse engineering - Experience determining how files are structured, understanding the standard methods for encoding data from Base64 to ASN1.
Experience with IDA Pro software reverse engineering tool
Encryption - A good understand of how symmetrical and asymmetrical encryption works, certificate chain of trust, crypto weaknesses etc.
Protocols - Knowledge of how IP/Serial based protocols work and how to reverse their format including checksums, MACs, encoding formats, HTTP, XML etc.
Fuzzing - Experience of writing and running fuzzers, understanding of the differences between dumb and more intelligent fuzzers, and how Reverse Engineering feeds the process.
Coding - The ability to quickly write programs to accomplish point solutions in languages like Python, C, C++, C#, PHP.
Code Review - The ability to review C/C++ source code for vulnerabilities.
Operating Systems Architecture - Knowledge of how operating systems work from "user land" code right trough to the kernel.
Experience programming Android applications and securing the operating system and applications.
Preferred Skills and Education
Experience working with Android application development especially securing the operating system and applications
About BAE Systems Intelligence & Security
BAE Systems is a global defense, aerospace and security company with more than 80,000 employees worldwide, delivering a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support and services.
Intelligence & Security provides comprehensive and strategic support to any mission, anytime, anywhere. The sector serves a diverse customer base, including the U.S. Department of Defense; the intelligence community; U.S. federal civilian agencies including the Department of Justice, the Department of Homeland Security and commercial clients. The sector is headquartered in McLean, Va., and employs approximately 10,000 employees.
People are the greatest asset in any company. BAE Systems is committed to a high performance culture and provides an environment where the work we do matters and where people are challenged to reach their full potential.
Equal Opportunity Employer. Females. Minorities. Veterans. Disabled
Department
0CD000_Federal IT Mission Solutions
Company
GDE_BAE Systems Info Solutions,Inc
Vulnerability Researcher / Reverse Engineer
Lorton, Virginia
5134BR-1000

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.