Software Developer – Vulnerability Research / Reverse Engineering (VR/RE)

at BAE Systems
Published May 26, 2023
Location Newington, VA
Category Default  
Job Type Full-time  

Description

**Job Description**

BAE Systems is actively seeking passionate, creative, and determined individuals to provide software reverse engineering and vulnerability expertise as part of an international vulnerability research team. This position will be based in Northern Virginia and will require some regular work onsite. The role is focused on analyzing systems to understand how they work and on developing groundbreaking technologies to create novel solutions to complex cyber challenges. The candidate will demonstrate agility as part of a dynamic research team of vulnerability researchers, reverse engineers, exploit development specialists, developers, and testers. The ideal candidate shall possess low-level mobile or embedded device vulnerability research skills with a particular emphasis on security of firmware, applications, and hardware.

+ Security engineering of mobile devices, wireless systems and its protocols

+ Use static and dynamic analysis techniques in search for vulnerabilities

+ Scripting/automating and tooling using python for various VR/RE tasking activities

+ Critically analyzing, interpreting, and communicating experimental results (e.g. fuzzing and triaging crashes)

+ Conducting experiments in discovery of new code paths

+ Formally and informally document finding, enumerated surfaces and code at various levels of maturity (e.g. throw away code during experimentations, productizing a PoC toward maintainable state)

**Required Education, Experience, & Skills**

Essential Skills and Requirements:

+ Proficiency using one or more tools such as IDA Pro, Ghidra, Binary Ninja, Frida or similar, to determine how software works and processes data. Platforms include x86, ARM, or ARM64.

+ Experience in static and dynamic reverse engineering of kernel, system services, [typically] binary code written for popular mobile platforms using languages such as C/C , Java, Objective-C, Swift, and others.

+ Experience in identifying exploitable vulnerabilities, such as stack and heap-based memory corruption, integer overflows, and logical flaws.

+ The ability to understand read/write programs in a variety of languages:

+ Python (required)

+ C (required)

+ Working knowledge of OS architectures to recognize how operating systems function, such as the separation between kernel and user space, inter-process communication, and peripheral input/output.

+ Knowledge of common mobile architectures and their associated security models, including memory protections, capabilities' permissions enforcement, process sandboxing, inter process communications, and hardware features including data encryption and wireless communications.

+ Experience working on multiple OS platforms such as Mac, Windows, iOS, Android, and Linux.

+ Experience using Atlassian tool suite tools (JIRA Agile, Bamboo, BitBucket, Confluence).

+ Willingness to work alongside others, teach co-workers/clients/customers, and learn new technical trades for becoming a resident expert within a team.

+ BS Degree in Computer Science or related technical areas

+ Relevant Certifications and Training (e.g. "Android or iOS Internals", "Kernel or User Space Exploitation", "Fuzzing")

**Preferred Education, Experience, & Skills**

Junior-level candidates must possess a minimum 2 years of VR/RE experience or equivalent Capture-the-Flag (CTF) related initiatives.

Mid-level candidates must possess a minimum 4 years of experience in embedded/desktop/server platforms.

Senior-level candidates must possess a minimum 6 years of experience in VR/RE and be knowledgeable of mobile platforms; specifically, iOS and/or Android internals.

Desired Skills

+ The ability to understand read/write programs in a variety of languages, such as

+ C (desired)

+ Java (desired)

+ Objective-C (desired)

+ Experience with how symmetrical and asymmetrical encryption functions.

+ Experience with writing and running data fuzzers with expertise in analyzing results to identify vulnerabilities.

+ Experience working in an Agile or DevOps environment.

**Software Developer - Vulnerability Research / Reverse Engineering (VR/RE)**

**91123BR**

EEO Career Site Equal Opportunity Employer. Minorities . females . veterans . individuals with disabilities . sexual orientation . gender identity . gender expression