Raytheon Technologies Vulnerability Researcher - FL in Melbourne, Florida
Raytheon Technologies is a premier engineering company that provides technical solutions in software development and systems engineering to address security challenges and support our customers’ missions. Raytheon hires industry-leading professionals and treats them like industry-leading professionals.
Raytheon Technologies’ CODEX (Cyber Offense and Defense Experts) division brings together an elite team of mission-focused industry experts who are well known for their ability to overcome the most advanced technical challenges. The team comprises engineers of multiple disciplines including vulnerability research, reverse engineering, CNO/CNE development, hardware emulation, system engineering, data analytics and test engineering.
Here at CODEX, we are passionate about technical excellence and innovation. That’s why we only take on work that is hard, engaging and meaningful. We foster an environment where pushing the limits of our technical ability is the norm. Occasional failure does not deter us. True innovation comes from trying new things and seeing what works. We understand that this approach can be challenging so we take our breaks seriously, too! Smash Bros©, D&D© and tabletop games fill our free time. Surfers and Nerf assassins roam our halls. Wicked program artwork and random memes cover our walls. Our cafes are fully stocked with free snacks and beverages and lunch is catered weekly. We strive to create a relaxed culture with an unmatched rate of mission results.
In addition to competitive salaries, CODEX offers excellent benefits for you and your family: competitive medical, dental and vision plans, child, elderly and dependent-care programs, mental health resources, tuition assistance, employee discount programs, 401k matching, flexible work schedules (depending on program), a peer recognition and reward system and performance-based bonuses.
Vulnerability Research at CODEX
Our team covers the full life cycle of Vulnerability Research from reverse engineering and emulation, through vulnerability discovery, to productization and effects generation. Our mission covers a wide range of targets, anything form major consumer electronics to proprietary one-off systems. If it runs code, we have probably looked at it (or will soon.) If you want to find and develop non-traditional methods of acquiring access to computer-based systems AND get paid, this is the place for you.
Familiarity with at least one common low-level architecture (x86, ARM, etc.) is required, as is the ability to conduct vulnerability research against applications compiled for that architecture. Experience with software protection and binary armoring is a plus and familiarity with modern exploitation mitigation techniques and counter-measures is a must.
Some development experience is preferred and some scripting experience is required. Whether in Python, Ruby or some other language, you should be capable of quickly developing the tools needed to help you succeed in your reverse engineering and vulnerability research efforts. If you’ve written a kernel paged pool exploit or a userland stack-based buffer overflow, built your own adaptable instrumentation or integrated a solver to help you identify and reach code, you’ll be right at home.
Projects will be undertaken in small teams with close coordination with customers to quickly enhance capabilities or resolve issues in existing tools. Working as part of a team you will also need to be familiar with source management tools such as GIT and team coordination tools like the Atlassian suite of work products. All candidates must be US citizens and be able to obtain and maintain a government security clearance.
2+ years of experience with C/C+
- 1+ years of experience with assembly language (x86/64, ARM, PPC, Mips, etc.)
Familiarity with at least one scripting language (Python, Ruby, etc.)
Understanding of exploit mitigations such as DEP and ASLR
Experience using reverse engineering tools (IDA Pro, BinaryNinja, Ghidra)
Experience with debugging tools (WinDbg, gdb, lldb, OllyDbg)
Familiarity with source management tools
Knowledge of typical embedded systems including UART, boot-up sequences and updating devices
Embedded system development and/or hardware debugging using JTAG/gdb
Full system emulation
Experience with modern C++ development, such as RAII, C++11 and C+
- Understanding of network protocols (TCP/IP stacks, wire-level protocols, RF communications, BGP, routing protocols, or others)
Degrees are not required for our positions but they can be helpful. Certifications are appreciated but not necessarily indicative of your preparedness for the day-to-day skills this position requires.
Current TS/SCI is strongly desired. Must be eligible and able to obtain and maintain a security clearance.
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.