Vulnerability Researcher III

Vulnerability Researcher III

REQ ID:976-03

BTS Software Solutions is seeking a Vulnerability Researcher III with an active TS/SCI w/ POLY to join our team in Annapolis Junction, MD.

What You'll Get To Do:

• Actively debug software and troubleshoot issues with software crashes and programmatic flow
• Ability to perform source code analysis in an effort to discover software flaws, and
• provide/author documentation on the impact and severity of the flaw
• Ability to develop proof-of-concept exploits against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results
• Provide/author and participate in technical presentations on assigned projects
• Lead reverse engineering and vulnerability research
• Lead efforts to debug software and troubleshoot issues with software crashes and programmatic flow
• Ability to perform source code analysis in an effort to discover software flaws, and provide/author documentation on the impact and severity of the flaw
• Ability to develop robust exploits (advancements beyond initial proof-of-concept such as version coverage, decreased failure rate, handling edge cases, etc.) against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results
• Edit/Approve and participate in technical presentations on assigned projects
• Subject Matter Expert and Leader of at least one technology area responsible for reverse engineering and vulnerability analysis

You'll Bring These Skills:

• Experience programming in Assembly, C, C#, C++, Perl, or Python with a focus on an understanding of system interactions with these libraries vs. production-style environments
• Use of Unix/Windows system API’s
• Understanding of virtual function tables in C++
• Heap allocation strategies and protections
• Experience with very large software projects a plus
• Kernel programming experience (WDK / Unix||Linux) a significant plus
• Hardware/Software reverse engineering, which often includes the use of tools (e.g., IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application.
• For Hardware reverse engineering, candidates are expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware (e.g. not interested in FPGA reverse engineering, or other circuit reverse engineering).
• Candidates who can merge low-level knowledge about compilation of C/C++ code with a nuanced understanding of system design to identify and exploit common vulnerability patterns. Candidates should be comfortable with, at a minimum, user-mode stack-based buffer overflows, and heap-based exploitation strategies.

Education/Qualifications:

• Meets all qualifications of a CNO Vulnerability Researcher/Analyst II, but has the following increased experience and skill levels

• Proven results from participation in vulnerability discovery efforts within the last twelve (12) months

• Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) across multiple versions of similar technologies.

Pay Range: $260,000 to $300,000
The BTS pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Our approach to crafting offers considers various factors to establish an equitable and competitive compensation package. These considerations include, but are not limited to, the extent and intricacy of the role’s responsibilities, the candidate’s educational background, their work experience, and the specific competencies crucial for success in the role

About BTS Software Solutions:

BTS Software Solutions is a Service Disabled Veteran Owned Small Business who are community-focused innovators who transform ideas into technology to serve people. We recognize that innovation is only valuable when applied towards a needed solution. Technology has no value without the hard work to turn ideas into reality. Our roots are in helping save Soldiers’ lives through technology. We bring that ethos to serving our community. We create solutions that touch people's lives - products to communicate, to connect companies with customers, to stay informed, to save lives, and to enhance lives.

We have a small company persona with a large company ethos and capabilities; we create elegant solutions for complex problems that will enrich people’s lives. BTS offers one of the best benefits packages in the industry: 100% Company PAID health benefits, PTO, 401K matching and vested from day one of employment, to name just a few of our benefits and perks. To learn more about BTS Software Solutions visit us at www.unleashbts.com/careers/.

BTS Software Solutions is an Equal Opportunity Employer (EOE). All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law