Vulnerability Researcher

Title:

KBR is seeking a Vulnerability Researcher to support vulnerability discovery and validation efforts against embedded systems and firmware. In this role, you will focus on hands‑on vulnerability research, including building emulation‑backed test environments, developing fuzzing workflows, performing crash triage and root‑cause analysis, and assisting with proof‑of‑concept exploit development in a controlled lab setting.

The Vulnerability Researcher works closely with reverse engineers and senior vulnerability researchers to deliver reproducible findings and high‑quality technical documentation for government customers while continuing to deepen technical proficiency across mission‑relevant domains.

Key Responsibilities

Conduct vulnerability research on embedded targets using asset‑safe approaches such as emulation, virtualization, and controlled experimentation

Develop and execute fuzzing campaigns, including target setup, fuzz harness development, seed/corpus management, and coverage‑driven testing

Perform crash triage and root‑cause analysis to identify and characterize security vulnerabilities

Assist in the development of proof‑of‑concept exploits to validate vulnerability impact in controlled laboratory environments

Create and maintain test harnesses and supporting infrastructure to exercise payload delivery and validate behavior repeatably

Reverse engineer firmware and binaries as needed to understand vulnerable code paths and exploitation constraints

Collaborate with vulnerability researchers, reverse engineers, and developers support mission objectives

Document findings and produce technical reports and artifacts suitable for release

Research and apply new vulnerability research tools and techniques under senior technical guidance

Minimum Qualifications

Security Clearance: Must have an active U.S. government Secret security clearance, which is something only a U.S. citizen can obtain

Bachelor’s degree in Computer Engineering, Electrical Engineering, Computer Science, or a related field

4–9 years of experience in vulnerability research, reverse engineering, or exploit development

Strong understanding of embedded systems, firmware, operating systems, and low‑level software behavior

Proficiency in C/C++, Python, and assembly for vulnerability research, harness development, and automation

Experience with embedded emulation environments

Experience with coverage‑guided fuzzing, fuzz harness development, and crash triage workflows

 Preferred Qualifications

Experience developing proof‑of‑concept exploits for vulnerability validation

Exposure to analysis techniques such as symbolic execution, concolic execution, or taint analysis

Experience with hardware‑focused vulnerability research or embedded security testing

Demonstrated ability to communicate technical findings clearly in written reports

Basic Compensation: $99,200 - $148,700 (For Beavercreek, OH Only)
The offered rate will be based on the selected candidate’s knowledge, skills, abilities and/or experience and in consideration of internal parity.

Additional Compensation:
KBR may offer bonuses, commissions, or other forms of compensation to certain job titles or levels, per internal policy or contractual designation. Additional compensation may be in the form of a sign on bonus, relocation benefits, short-term incentives, long-term incentives, or discretionary payments for exceptional performance.

Belong, Connect and Grow at KBR
At KBR, we are passionate about our people and our Zero Harm culture.  These inform all that we do and are at the heart of our commitment to, and ongoing journey toward being a People First company.  That commitment is central to our team of team’s philosophy and fosters an environment where everyone can Belong, Connect and Grow. We Deliver – Together. 

KBR is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.