About the role

The CERT Division of the Software Engineering Institute (SEI) is seeking an applicant for the role of a Reverse Engineer Researcher for the Threat Analysis directorate. The SEI is a federally funded research and development center at Carnegie Mellon University.   

 What you’ll do 

• Reverse engineer malicious code in support of high-impact customers, design and develop new analysis methods and tools, work to identify and address emerging and complex threats, and effectively participate in the broader security community 

• Perform in-depth reverse engineering of malicious code, document and transition results in reports, presentations, and technical exchanges 

• Explore ways to use artificial intelligence to support of reverse engineering and apply reverse engineering practices to artificial intelligence systems

• Design, prototype, and transition new analysis methods and tools 

• Identify and document emerging and complex active security threats 

• Participate in the broader security community through collaboration, papers, and presentations 

Who you are  

• You have BS in Computer Science or related discipline with eight (8) years of experience; OR MS in the same fields with five (5) years of experience; OR PhD in the same fields with two (2) years of experience.

• You enjoy working on emerging and complex malware analysis and reverse engineering problems.

• You have an analytical mindset and deep curiosity about how software works.

• You have the ability to balance rapid prototyping with maintainable tool development.

• You have strong technical writing experience.

• You recognize and deal appropriately with confidential and sensitive information.

• You are able to handle continual shifting priorities.

• You enjoy mentoring and training others as well as sharing knowledge.

• You communicate effectively with technical and non-technical audiences.

• You have a willingness to travel to various locations to support the SEI’s overall mission This includes sponsor sites, conferences, and offsite meetings on occasion. Moderate Travel (15%) 

• You will be subject to a background check and obtain and maintain an active Department of War security clearance 

You have experience with or knowledge of 

• Reverse engineering software binaries for a variety of architectures, both at the user level and kernel level

• Static analysis tools (e.g. IDA Pro, NSA Ghidra, Binary Ninja)  

• User-level and kernel-level debuggers (e.g. x32dbg, x64dbg, gdb, WinDbg)

• Native programminglanguages (e.g. C/C++). 

• High-level programming languages (e.g. Java, Python, GoLang, etc.)

• Software engineering and design concepts 

• Firmware and device driver development

• Malware tradecraft and threat actor tactics, techniques, and procedures (TTPs) 

• Malware signature creation and use,independent of detection technology 

• Operating system concepts and internals and binary file formats (e.g. PE, ELF, Mach-O, etc.)

• Internet Protocols and network analysis tools (e.g. Wireshark, netcat, etc.) 

• Compiler theory, cryptography, and malware deobfuscation techniques.

• Mobile device development and reverse engineering 

• Malware sandboxes or instrumentation frameworks (e.g., Frida, QEMU, Unicorn Engine).

• General understanding and experience in artificial intelligence and machine learning and using artificial intelligence to support reverse engineering and malware analysis

Location