Are you an elite level programmer / researcher that thrives on finding zero day vulnerabilities? We have a long term position working in an extreme agile environment that our team members say is "best job I've ever had". This position is for the person that loves attacking problems from many different angles, exploring alternatives, and quickly pursuing toward a unique solution. This position is for the person that thrives in an environment that encourages "fail fast, fail often, until you succeed." The team has incredible resources to use attack the "problem of the week". Results are highly satisfying and you go home at the end of the day knowing your work makes a difference. If you are creative, tenacious, and an elite programmer / researcher, this position is for you.Required Education, Experience, & Skills
Vulnerability Researchers/ Reverse Engineers will provide mobile-focused software reverse engineering and vulnerability research expertise. This role is focused on vulnerability identification and specialized software development of one of many layers of the mobile stack, including device firmware, mobile operating systems, and first and third-party mobile applications. Candidates shall also possess unique software development skills to aid the team in reverse engineering and rapid response challenges. Personnel serve as a part of and research team consisting of mobile device and mobile data vulnerability specialists. Candidates will be required to possess experience in binary reverse engineering and software vulnerability utilization discovery. Senior-Level candidates shall possess a minimum of 6 years' of directly relevant experience and either a BS or BA degree.
Preferred Education, Experience, & Skills
- Experience using industry standard RE tools (IDA Pro, Ghidra, JEB, Hopper) to determine how closed-source software functions
- Experience developing, debugging and/or reverse engineering code for popular mobile programming languages (i.e., Java, Objective-C, Swift, etc.)
- Experience with the vulnerability research and engineering of mobile devices and/or the software within mobile devices to enable surveillance or access to protected information
- Experience determining how files are structured and identifying standard methods for encoding data
- Comfortable viewing, analyzing, and understanding raw binary data
- Ability to write programs in a variety of languages, such as C, C++, C#, Python and Java
- Understanding of how operating systems function, such as the separation between kernel and user space
- Knowledge of common mobile architectures and their associated instructions, including x86, ARM, and ARM64
- Experience working on multiple OS platforms, including Linux, Mac, Windows, Android, and iOS
- Experience with iOS and Android mobile development languages, including Java, Objective-C, or Swift
- Possession of exceptional interpersonal skills, including ability to: work alongside others, teach co-workers and clients/customers, and learn new technical trades and become a resident expert within a team
- Previous experience working in an agile development environment with short duration tasking
About BAE Systems Intelligence & Security
- BA/BS Degree in Software Development or Computer Science
- Experience in identifying and utilizing vulnerabilities, such as memory corruption through stack overflows, heap overflows, integer overflows, and logical flaws
- Experience with vulnerability mitigation such as ASLR, code signing, non-executable memory protections, and sandboxing
- Experience with methods to bypass vulnerability mitigation and detection techniques
- Experience with writing and running data fuzzers
- Expertise in analyzing results to identify vulnerabilities
- Understanding of how symmetrical and asymmetrical encryption functions and is implemented in various code flows
- Experience with relational database management systems (i.e., SQL and SQLite)
- Ability to analyze and decode data packets over a networked connection, and experience with network analysis tools (e.g., Wireshark)
- Knowledge of how IP/Serial based protocols work and how to reverse their format including checksums, MACs, encoding formats, HTTP, XML, etc.
BAE Systems, Inc. is the U.S. subsidiary of BAE Systems plc, an international defense, aerospace and security company which delivers a full range of products and services for air, land and naval forces, as well as advanced electronics, security, information technology solutions and customer support services. Improving the future and protecting lives is an ambitious mission, but it's what we do at BAE Systems. Working here means using your passion and ingenuity where it counts - defending national security with breakthrough technology, superior products, and intelligence solutions. As you develop the latest technology and defend national security, you will continually hone your skills on a team-making a big impact on a global scale. At BAE Systems, you'll find a rewarding career that truly makes a difference.
Intelligence & Security (I&S), based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do-from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels.
At BAE Systems, we celebrate the array of skills, experiences, and perspectives our employees bring to the table. For us, differences are a source of strength. We're laser-focused on high performance, and we work hard every day to nurture an inclusive culture where all employees can innovate and thrive. Here, you will not only build your career, but you will also enjoy work-life balance, uncover new experiences, and collaborate with passionate colleagues.