Vulnerability Researcher II

BTS Software Solutions
Columbia, MD
Sep 28, 2022
Sep 30, 2022
Analyst, Research
Full Time
Vulnerability Researcher REQ ID:975-03 BTS Software Solutions is seeking a Vulnerability Researcher II with an active TS/SCI w/ POLY to join our team in Ft. Meade, MD What You'll Get To Do: * Actively debug software and troubleshoot issues with software crashes and programmatic flow * Ability to perform source code analysis in an effort to discover software flaws, and * provide/author documentation on the impact and severity of the flaw * Ability to develop proof-of-concept exploits against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results * Provide/author and participate in technical presentations on assigned projects * Lead reverse engineering and vulnerability research You'll Bring These Skills: * Experience programming in Assembly, C, C#, C++, Perl, or Python with a focus on an understanding of system interactions with these libraries vs. production-style environments * Use of Unix/Windows system APIs * Understanding of virtual function tables in C++ * Heap allocation strategies and protections * Experience with very large software projects a plus * Kernel programming experience (WDK / Unix||Linux) a significant plus * Hardware/Software reverse engineering, which often includes the use of tools (eg, IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application. * For Hardware reverse engineering, candidates are expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware (eg not interested in FPGA reverse engineering, or other circuit reverse engineering). * Candidates who can merge low-level knowledge about compilation of C/C++ code with a nuanced understanding of system design to identify and exploit common vulnerability patterns. Candidates should be comfortable with, at a minimum, user-mode stack-based buffer overflows, and heap-based exploitation strategies. Education/Qualifications: * Meets all qualifications of a CNO Vulnerability Researcher/Analyst I, but has the following increased experience and skill levels * Minimum four (4) years of experience programming in Assembly, C, C#, C++, Perl, or Python for a production environment * Minimum of five (5) years contiguous experience in computer science, information systems, or network engineering; or Bachelor's Degree in Computer Science or related field plus a minimum of three (3) years contiguous experience * Minimum four (4) years of demonstrated experience in either hardware or software reverse engineering About BTS Software Solutions: BTS Software Solutions is a Service Disabled Veteran Owned Small Business who are community-focused innovators who transform ideas into technology to serve people. We recognize that innovation is only valuable when applied towards a needed solution. Technology has no value without the hard work to turn ideas into reality. Our roots are in helping save Soldiers lives through technology. We bring that ethos to serving our community. We create solutions that touch people's lives - products to communicate, to connect companies with customers, to stay informed, to save lives, and to enhance lives. We have a small company persona with a large company ethos and capabilities; we create elegant solutions for complex problems that will enrich peoples lives. BTS offers one of the best benefits packages in the industry: 100% Company PAID health benefits, PTO, 401K matching and vested from day one of employment, to name just a few of our benefits and perks. To learn more about BTS Software Solutions visit us at BTS Software Solutions is an Equal Opportunity Employer (EOE). All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law