BTS Software Solutions
Vulnerability Researcher*III
BTS Software Solutions, Baltimore, Maryland, United States, 21276
Vulnerability Researcher IIIREQ ID:976-03BTS Software Solutions
is seeking a
Vulnerability Researcher III
with an active
TS/SCI w/ POLY
to join our team in Annapolis Junction, MD.What You'll Get To Do:
Actively debug software and troubleshoot issues with software crashes and programmatic flow.Perform source code analysis to discover software flaws and provide/author documentation on the impact and severity of the flaw.Develop proof-of-concept exploits against research targets, prototypes, and conduct hands-on demonstrations of vulnerability analysis results.Provide/author and participate in technical presentations on assigned projects.Lead reverse engineering and vulnerability research.Debug software and troubleshoot issues with software crashes and programmatic flow.Develop robust exploits (advancements beyond initial proof-of-concept such as version coverage, decreased failure rate, handling edge cases, etc.) against research targets, prototypes, and conduct hands-on demonstrations of vulnerability analysis results.Edit/Approve and participate in technical presentations on assigned projects.Serve as Subject Matter Expert and Leader of at least one technology area responsible for reverse engineering and vulnerability analysis.You'll Bring These Skills:
Experience programming in Assembly, C, C#, C++, Perl, or Python with a focus on understanding system interactions with these libraries vs. production-style environments.Use of Unix/Windows system APIs.Understanding of virtual function tables in C++.Heap allocation strategies and protections.Experience with very large software projects is a plus.Kernel programming experience (WDK / Unix||Linux) is a significant plus.Hardware/Software reverse engineering, including the use of tools (e.g., IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application.For Hardware reverse engineering, candidates are expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware.Candidates should merge low-level knowledge about compilation of C/C++ code with an understanding of system design to identify and exploit common vulnerability patterns, including user-mode stack-based buffer overflows and heap-based exploitation strategies.Education/Qualifications:
Meets all qualifications of a CNO Vulnerability Researcher/Analyst II, with increased experience and skill levels.Proven results from participation in vulnerability discovery efforts within the last twelve (12) months.Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) across multiple versions of similar technologies.Pay Range: $260,000 to $300,000The BTS pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Our approach to crafting offers considers various factors to establish an equitable and competitive compensation package.About BTS Software Solutions:
BTS Software Solutions
is a Service Disabled Veteran Owned Small Business focused on transforming ideas into technology to serve people. We recognize that innovation is only valuable when applied towards a needed solution. Our roots are in helping save Soldiers' lives through technology. We create solutions that touch people's lives - products to communicate, to connect companies with customers, to stay informed, to save lives, and to enhance lives.We have a small company persona with a large company ethos and capabilities; we create elegant solutions for complex problems that will enrich people's lives.
BTS
offers one of the best benefits packages in the industry:
100% Company PAID health benefits , PTO, 401K matching and vested from day one of employment.BTS Software Solutions is an Equal Opportunity Employer (EOE). All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
#J-18808-Ljbffr
is seeking a
Vulnerability Researcher III
with an active
TS/SCI w/ POLY
to join our team in Annapolis Junction, MD.What You'll Get To Do:
Actively debug software and troubleshoot issues with software crashes and programmatic flow.Perform source code analysis to discover software flaws and provide/author documentation on the impact and severity of the flaw.Develop proof-of-concept exploits against research targets, prototypes, and conduct hands-on demonstrations of vulnerability analysis results.Provide/author and participate in technical presentations on assigned projects.Lead reverse engineering and vulnerability research.Debug software and troubleshoot issues with software crashes and programmatic flow.Develop robust exploits (advancements beyond initial proof-of-concept such as version coverage, decreased failure rate, handling edge cases, etc.) against research targets, prototypes, and conduct hands-on demonstrations of vulnerability analysis results.Edit/Approve and participate in technical presentations on assigned projects.Serve as Subject Matter Expert and Leader of at least one technology area responsible for reverse engineering and vulnerability analysis.You'll Bring These Skills:
Experience programming in Assembly, C, C#, C++, Perl, or Python with a focus on understanding system interactions with these libraries vs. production-style environments.Use of Unix/Windows system APIs.Understanding of virtual function tables in C++.Heap allocation strategies and protections.Experience with very large software projects is a plus.Kernel programming experience (WDK / Unix||Linux) is a significant plus.Hardware/Software reverse engineering, including the use of tools (e.g., IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application.For Hardware reverse engineering, candidates are expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware.Candidates should merge low-level knowledge about compilation of C/C++ code with an understanding of system design to identify and exploit common vulnerability patterns, including user-mode stack-based buffer overflows and heap-based exploitation strategies.Education/Qualifications:
Meets all qualifications of a CNO Vulnerability Researcher/Analyst II, with increased experience and skill levels.Proven results from participation in vulnerability discovery efforts within the last twelve (12) months.Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) across multiple versions of similar technologies.Pay Range: $260,000 to $300,000The BTS pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Our approach to crafting offers considers various factors to establish an equitable and competitive compensation package.About BTS Software Solutions:
BTS Software Solutions
is a Service Disabled Veteran Owned Small Business focused on transforming ideas into technology to serve people. We recognize that innovation is only valuable when applied towards a needed solution. Our roots are in helping save Soldiers' lives through technology. We create solutions that touch people's lives - products to communicate, to connect companies with customers, to stay informed, to save lives, and to enhance lives.We have a small company persona with a large company ethos and capabilities; we create elegant solutions for complex problems that will enrich people's lives.
BTS
offers one of the best benefits packages in the industry:
100% Company PAID health benefits , PTO, 401K matching and vested from day one of employment.BTS Software Solutions is an Equal Opportunity Employer (EOE). All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
#J-18808-Ljbffr