Vulnerability Researcher

  • Annapolis Junction, MD, USA
  • Full-time

Company Description

Fenix Group is a Systems Integrator focused on battlefield technologies.  Our mission is to reduce risk and cost to the warfighter by enabling battlefield intelligence at the edge, increasing soldier lethality and allowing smaller teams to control larger areas.  Our experience in deploying specialized austere environment communications systems to enable a "Battlefield of Things" (TM) allows us to connect drones, augmented reality enabled battlefield robots, loitering munitions, and other sensor ecosystem end points to enable US military and first responders with at-the-edge intelligence. 

Job Description

Security Clearance Required: TS/SCI with FS Poly

Actively seeking a Vulnerability Researcher Level 1 to support the newly awarded NUTRAGEOUS contract.

The Vulnerability Researcher provides engineering and vulnerability research results related to hardware components, software applications, and operating systems to determine functionality, code structure, and system design for use in the discovery of initial access capabilities.

Qualifications

Security Clearance Required: TS/SCI with FS Poly

 

Required Skills:

· Actively debug software and troubleshoot issues with software crashes and programmatic flow

· Provide written reports, proof-of-concept code, prototypes, and hands-on demonstrations of reverse engineering and vulnerability analysis results, and

· Provide/author and participate in technical presentations on assigned projects

· Minimum two (2) years' experience programming in Assembly, C, C#, C++, Perl, or Python.

· Minimum two (2) years demonstrated experience in either hardware or software reverse engineering.

Desired Skills:

· Experience programming in Assembly, C, C#, C++, Perl, or Python with a focus on an understanding of system interactions with these libraries vs. production-style environments

· Use of Unix/Windows system API’s

· Understanding of virtual function tables in C++

· Heap allocation strategies and protections

· Experience with very large software projects a plus

· Kernel programming experience (WDK / Unix||Linux) a significant plus

· Hardware/Software reverse engineering, which often includes the use of tools (e.g., IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application.

· For Hardware reverse engineering, candidates expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware (e.g. not interested in FPGA reverse engineering, or other circuit reverse engineering).

· Candidates who can merge low-level knowledge about compilation of C/C++ code with a nuanced understanding of system design to identify and exploit common vulnerability patterns. Candidates should be comfortable with, at a minimum, user-mode stack-based buffer overflows, and heap-based exploitation strategies.

Education Required:

· Bachelor's Degree in Computer Science or related field, or minimum two (2) years' experience in computer science, information systems, or network engineering

 

Additional Information

All your information will be kept confidential according to EEO guidelines.