Mobile CNO Developer
Overview
BigBear.ai is seeking Mobile Developers to conduct research and technical analysis ultimately leading to vulnerability discovery and offensive cyber tool development. Ideal candidates will understand Apple's iPhone and/or Google's Android operating systems and hardware.
We are looking for wizards that can dissect complex and connected embedded systems looking for vulnerabilities in firmware, app code, and operating systems. We expect no rock to be left unturned. Our teams investigate all aspects of running firmware on internal embedded processors, and figure how they communicate with each other and their respective cellular (i.e., 4G/5G) infrastructure. You will have the opportunity to use skills in programming/scripting languages (e.g., Python, C/C++, Obj-C, etc.), reverse engineering, mobile application pen testing, and networking protocols to support our Government clients. Help us determine what the art of the possible is, what can be done, and then have the opportunity to prove it.
BigBear.ai's Cyber & Engineering Innovations Lab is a physical lab at our HQ (Columbia, MD) whose activities and initiatives are complementary to our offensive cyber portfolio. The Innovations Lab allows for protected research and technical analysis as well as access software and firmware updates, and other activities related to mission.
What you will do
- Prototype code to prove research findings and hypotheses
- Static and Dynamic Analysis of target devices and software/firmware
- Document findings and potential vulnerabilities and attack vectors
What you need to have
- Clearance: must possess and maintain a TS clearance with polygraph
- BS in Computer Science, Engineering, Math, or equiv w/ 3+ years exp. Within OCO/DCO solutions development
- 3+ years of experience with iOS and Android mobile device operating systems
- Experience with complex embedded systems development and/or reversing
- Knowledge of static and dynamic mobile app security analysis concepts
- Knowledge of reverse engineering Android DEX files and Apple's Macho-O files o BS degree in Computer Science, Engineering, or equiv.
- Knowledge of static and dynamic mobile app security analysis concepts o Knowledge of protocol and network analysis using mitmproxy and Wireshark
- Experience with higher-level languages, including Java, Objective-C, or Python o Experience with firmware development, volatile memory manipulation, and software hooking
What we'd like you to have
- Experience with developing iOS and Android mobile applications
- Knowledge of common mobile application vulnerabilities and mobile threats
- Knowledge of iOS and Android code scanning tools such as baksmali/smali, jadx, soot, Frida, and Objection
- Knowledge of common mobile application authentication and encryption methods such as OAuth and PKI
- Possession of excellent verbal and written communication skills
- Deep experience working within offensive and defensive cyber solutions team
About BigBear.ai
A leader in decision dominance for more than 20 years, BigBear.ai operationalizes artificial intelligence and machine learning at scale through its end-to-end data analytics platform. The Company uses its proprietary AI/ML technology to support its customers' decision-making processes and deliver practical solutions that work in complex, realistic and imperfect data environments. BigBear.ai's composable AI-powered platform solutions work together as often as they stand alone: Observe (data ingestion and conflation), Orient (composable machine learning at scale), and Dominate (visual anticipatory intelligence and optimization).
BigBear.ai's customers, which include the U.S. Intelligence Community, Department of Defense, the U.S. Federal Government, as well as customers in the commercial sector, rely on BigBear.ai's high value software products and technology to analyze information, identify and manage risk, and support mission critical decision making. Headquartered in Columbia, Maryland, BigBear.ai has additional locations in Virginia, Massachusetts, Michigan, and California.
BigBear.ai will request COVID-19 vaccination status information as part of the onboarding process.