Logo

Connecting Employers With Military Veterans!

Posted by: Cinteot on Jan 07, 2021


Location:

Ft Meade , MD

Job Description:

Cinteot is seeking a Vulnerability Researcher (VR) in Fort Meade, MD.

The Vulnerability Researcher provides engineering and vulnerability research results related to hardware components, software applications, and operating systems to determine functionality, code structure, and system design for use in the discovery of initial access capabilities.

TS/SCI with a Full Scope Poly Required

Desired Skills:

- Experience programming in Assembly, C, C#, C++, Perl, or Python with a focus on an understanding of system interactions with these libraries vs. production-style environments
- Use of Unix/Windows system API's
- Understanding of virtual function tables in C++
- Heap allocation strategies and protections
- Experience with very large software projects a plus
- Kernel programming experience (WDK / Unix||Linux) a significant plus
- Hardware/Software reverse engineering, which often includes the use of tools (e.g., IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application.
- For Hardware reverse engineering, candidates expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware (e.g. not interested in FPGA reverse engineering, or other circuit reverse engineering)
- Candidates who can merge low-level knowledge about compilation of C/C++ code with a nuanced understanding of system design to identify and exploit common vulnerability patterns. Candidates should be comfortable with, at a minimum, user-mode stack-based buffer overflows, and heap-based exploitation strategies.


The Level 2 Vulnerability Researcher shall possess the following Capabilities:

- Actively debug software and troubleshoot issues with software crashes and programmatic flow
- Ability to perform source code analysis in an effort to discover software flaws, and provide/author documentation on the impact and severity of the flaw
- Ability to develop proof-of-concept exploits against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results
- Provide/author and participate in technical presentations on assigned projects
- Lead reverse engineering and vulnerability research of hardware components, software applications, and operating systems to determine functionality, code structure, and circuit design for the use in the discovery of initial access capabilities

Qualifications:

- Meets all qualifications of a CNO Vulnerability Researcher/Analyst I, but has the following increased experience and skill levels
- Minimum four (4) years' experience programming in Assembly, C, C#, C++, Perl, or Python for a production environment
- Minimum of five (5) years contiguous experience in computer science, information systems, or network engineering; or Bachelor's Degree in Computer Science or related field plus minimum three (3) years contiguous experience
- Minimum four (4) years demonstrated experience in either hardware or software reverse engineering

Benefits:

-Complete Insurance Coverage - Blue Cross Medical, Delta Dental, Vision, Life
- 401k with Company Contribute
- Generous Paid Time Off


Cinteot is an Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.

Education Level:

Bachelors degree or higher

Pay Rate:

Commensurate with experience

HR. Website URL:

https://cinteot.com/cinteot-careers/#!/search?page=1

Security Clearance:

Top secret

Travel Requirements:

None

Sign Up to Apply to this position
(if you already have a CGO account, just press the button below)

About Cinteot

Early on, Cinteot personnel wrote the Database Security Requirements Guide (SRG) and Database Security Technical Implementation Guides (STIGs) for DISA’s Field Security Office. Since those days, Cinteot has invested many hours of security training in its employees. We’ve built templates for system security documentation that have been tested in multiple C&A and Corporate IT Security Reviews in both DoD and DHS. We have certified DISA reviewers on staff to assist in CCRI and C&A prep.

Please visit this employer's Public Profile to see more jobs offered by Cinteot