Date Posted:
2023-08-18
Country:
United States of America
Location:
VA128: 4075 Wilson Blvd, Arlington 4075 Wilson Boulevard Suite 500, Arlington, VA, 22217 USA
Position Role Type:
Unspecified
Android Vulnerability Research (Onsite)
Raytheon CODEX seeks smart, motivated, and self-driven Vulnerability Researchers to join our team and translate knowledge of system internals, fuzz testing tools, and vulnerability patterns into capabilities for our customers. Researchers will work as members of highly visible teams performing discovery, reverse engineering, and development against complex software applications. Android experience is highly desirable, but may be waived for experience with analogous systems (e.g. Linux derivatives or embedded OSs).
All candidates must be US citizens and be able to obtain and maintain a top secret government security clearance.
Our Culture
We foster an environment to develop and deliver capabilities that push beyond the state of the art. We directly invest in our engineers’ ideas and novel technologies, providing engineers paid hours to innovate for our customers. We host industry training for our staff in browser exploitation, OS internals, and reverse engineering. We encourage engineers to take risks, and approach problems in new ways. Our delivered software products feature novel exploitation techniques and new innovations developed by engineers with the freedom to occasionally fail. Our cafes are stocked with free snacks and beverages and lunch is catered weekly. We strive to create a relaxed culture dedicated to technical excellence and mission impact, where engineers are empowered and recognized for their success.
Benefits
In addition to competitive salaries, CODEX offers excellent benefits for you and your family: competitive medical, dental and vision plans, child, elderly and dependent-care programs, mental health resources, tuition assistance, employee discount programs, 401k matching, flexible work schedules, a peer recognition and reward system, and performance-based bonuses. CODEX provides funding for engineers to attend and participate in technical conferences including major security conferences like DefCon, ReCon, and SmooCon.
Position Description
Researchers will join successful engineering teams that break down target systems, applications, and software into subcomponents and trace dataflow from user & system inputs to potentially vulnerable functions on Android devices. Researchers are expected to apply static and dynamic analysis techniques for vulnerability identification including the use of public fuzz testing tools (e.g. AFL++), decompilers (e.g. Hex Rays), and disassemblers (e.g. IDAPro & Ghidra). Applicants are expected to perform novel research against proprietary network protocols, software architectures, multimedia formats, and evaluate both closed and open-source binaries.
Technical Requirements
- Experience applying fuzz testing tools (e.g. AFL, AFL++, LibFuzzer), or performing static analysis to identify exploitable software vulnerabilities.
- Experience reading assembly language, ARM/ARM64 preferred
- Android or Linux system programming experience (e.g. POSIX APIs)
- Experience with C/C++ compilation, and in-process memory layout
- Experience programming with Python
Preferred Experience:
- Experience developing against or working with large, open source projects (e.g. AOSP)
- Experience developing and productizing exploits
- Familiarity with AFL instrumentation, and code coverage
- Familiarity with Android subsystems and components (e.g. Binder, Application loading, JNI, Dynamic ELF Loading)
- Development of novel genetic search algorithms, and scoring techniques
- Application of novel mutation schemes (e.g. Fuzilli)
- Experience with APKs, and application packaging on Android devices
- Familiarity with APK decompilation tools such as JEB, JADX or Dex2Jar
Employee Referral Award Eligibility
This requisition is eligible for an employee referral award. ALL eligibility requirements must be met to receive the referral award.
RTX is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.
Privacy Policy and Terms:
Click on this link to read the Policy and Terms