Senior Vulnerability Researcher at STR
STR is hiring a hardware, software, and firmware Senior Vulnerability Researcher who has a passion for analysis, development, and remediation of cyber physical system vulnerabilities and exploits.
Duties will include but are not limited to:
- Working in small research teams to reverse engineer and identify vulnerabilities in complex software, firmware, and/or hardware targets
- Performing vulnerability research (VR), exploit development, and vulnerability mitigation on a variety of challenging targets ranging from Windows/Linux binaries to embedded firmware on non-traditional information systems
- Working in small research teams to develop innovative cybersecurity solutions
- Documenting, demonstrating, and presenting research
- Ability to obtain a Security Clearance
- BS, MS or PhD in Computer Science, Computer Engineering, Cybersecurity or related field (or equivalent)
- 5 - 10 years of relevant experience
- Experience performing VR using tools such as IDA, Binary Ninja, or Ghidra
- Experience performing static/dynamic/symbolic program analysis
- Vulnerability research and analysis
- Penetration testing or system hacking
- Proficiency in one or more programming languages: C/C++, Python, etc.
- Exploit development
Desired Skills and Experience:
- Active Security Clearance at the Secret or Top Secret (TS) level
- Reverse engineering
- Knowledge of anti-reverse engineering techniques
- Operating system internals including memory/process/thread management
- Implant or software patch development
- Protocol analysis
- Knowledge of binary file structures and formats
- Embedded systems or firmware analysis
- JTAG debugging, firmware flashing or extraction
- Assembly Languages (x86, ARM, etc.)
All STR employees may be subject to COVID-19 vaccination requirement in response to Executive Order 14042 and accompanying Task Force Guidance, unless a medical or religious accommodation is formally approved by STR.
STR is a rapidly growing technology company with locations north of Boston, MA, Arlington, VA and near Dayton, OH. We specialize in advanced research and development for defense, intelligence, and national security, trying to understand how to protect our society: from stopping malicious botnet attacks, to understanding cyber vulnerabilities, providing next generation sensors, radar, sonar, communications, and electronic warfare to developing artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us.
STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, but you go home at night knowing that you pushed the forefront of technology and made the world a little safer. We recognize that the world is changing, that it is becoming more connected than ever before, making things change faster than before, and reshaping society in the process. We all want to understand this changing world and leave it better for our work.
STR is not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe! Visit us at www.str.us for more info.
STR is an equal opportunity employer. We are fully dedicated to hiring the most qualified candidate regardless of race, color, religion, sex (including gender identity, sexual orientation and pregnancy), marital status, national origin, age, veteran status, disability, genetic information or any other characteristic protected by federal, state or local laws.
If you need a reasonable accommodation for any portion of the employment process, email us at [email protected] and provide your contact info.
Pursuant to applicable federal law and regulations, positions at STR require employees to obtain national security clearances and satisfy the requirements for compliance with export control and other applicable laws.