BTS Software Solutions

Vulnerability Researcher III

BTS Software Solutions$260K — $300K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of experience in software vulnerability research and analysis.
  • Proficiency in programming languages such as Assembly, C, C#, C++, Perl, or Python.
  • Experience with Unix/Windows system APIs.
  • Deep understanding of virtual function tables and heap allocation strategies.
  • Familiarity with tools like IDA Pro, Ghidra, or Binary Ninja for reverse engineering.
  • Prior experience in discovering multiple 0-day vulnerabilities in recent projects.
  • Technical leadership with an ability to impart knowledge to team members.

Responsibilities

  • Debug software and troubleshoot crashes and programmatic flow issues.
  • Perform source code analysis to identify software flaws and document their impact.
  • Develop proof-of-concept exploits for research targets and demonstrate findings.
  • Lead reverse engineering and vulnerability research initiatives.
  • Author and present technical documentation on project findings and recommendations.
  • Create robust exploits addressing edge cases beyond initial proof-of-concept versions.
  • Act as a Subject Matter Expert in one specific technology area related to vulnerability analysis.

Benefits

  • Health, dental, and vision insurance.
  • Retirement savings plan with company matching.
  • Opportunities for professional development and training.
  • Flexible work arrangements.
  • Paid time off and holidays.
Full Job Description
Vulnerability Researcher III

REQ ID:976-03

BTS Software Solutions is seeking a Vulnerability Researcher III with an active TS/SCI w/ POLY to join our team in Annapolis Junction, MD.

What You'll Get To Do:
  • Actively debug software and troubleshoot issues with software crashes and programmatic flow
  • Ability to perform source code analysis in an effort to discover software flaws, and
  • provide/author documentation on the impact and severity of the flaw
  • Ability to develop proof-of-concept exploits against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results
  • Provide/author and participate in technical presentations on assigned projects
  • Lead reverse engineering and vulnerability research
  • Lead efforts to debug software and troubleshoot issues with software crashes and programmatic flow
  • Ability to perform source code analysis in an effort to discover software flaws, and provide/author documentation on the impact and severity of the flaw
  • Ability to develop robust exploits (advancements beyond initial proof-of-concept such as version coverage, decreased failure rate, handling edge cases, etc.) against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results
  • Edit/Approve and participate in technical presentations on assigned projects
  • Subject Matter Expert and Leader of at least one technology area responsible for reverse engineering and vulnerability analysis

You'll Bring These Skills:
  • Experience programming in Assembly, C, C#, C++, Perl, or Python with a focus on an understanding of system interactions with these libraries vs. production-style environments
  • Use of Unix/Windows system API's
  • Understanding of virtual function tables in C++
  • Heap allocation strategies and protections
  • Experience with very large software projects a plus
  • Kernel programming experience (WDK / Unix||Linux) a significant plus
  • Hardware/Software reverse engineering, which often includes the use of tools (e.g., IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application.
  • For Hardware reverse engineering, candidates are expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware (e.g. not interested in FPGA reverse engineering, or other circuit reverse engineering).
  • Candidates who can merge low-level knowledge about compilation of C/C++ code with a nuanced understanding of system design to identify and exploit common vulnerability patterns. Candidates should be comfortable with, at a minimum, user-mode stack-based buffer overflows, and heap-based exploitation strategies.

Education/Qualifications:
  • Meets all qualifications of a CNO Vulnerability Researcher/Analyst II, but has the following increased experience and skill levels
  • Proven results from participation in vulnerability discovery efforts within the last twelve (12) months
  • Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) across multiple versions of similar technologies.

Pay Range: $260,000 to $300,000
The BTS pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Our approach to crafting offers considers various factors to establish an equitable and competitive compensation package. These considerations include, but are not limited to, the extent and intricacy of the role's responsibilities, the candidate's educational background, their work experience, and the specific competencies crucial for success in the role

About BTS Software Solutions

BTS Software Solutions is a software development company that provides custom software solutions to businesses. The company was founded in 1998 by Dr. M. H. Dehghani. BTS Software Solutions' services include software development, web development, mobile app development, and IT consulting. The company has worked with clients in various industries, including healthcare, finance, and government.
Learn more about BTS Software Solutions
Size
100 employees
Industry

Similar Jobs

More Jobs at BTS Software Solutions

More Information Technology Jobs

Find similar Vulnerability Researcher III jobs: