Raytheon Technologies Vulnerability Researcher in Melbourne, Florida
We understand that the price of excellent results is learning from our failures. That’s why we turn away work that isn’t hard, engaging, and meaningful. If you aren’t struggling to succeed, you aren’t pushing hard enough. This type of work can be draining, exhausting, and demoralizing. So, we take our breaks seriously too. Surfboards, nerf guns, and wicked program artwork cover our walls. Smash Bros, DND, and tabletop games fill our free time. We have created a relaxed work environment with an unmatched rate of mission results.
Our team covers the full life cycle of Vulnerability Research from reverse engineering and emulation, through vulnerability discovery, to productization and effects generation. Our team also covers a wide range of targets, anything from major consumer electronics to custom proprietary one off systems. If it runs code, we have either already looked at it or will soon.
Key areas of focus include:
• Hardware debugging using JTAG/gdb
• Knowledge on typical embedded systems including UART, boot-up sequences, and updating devices
• Reverse Engineering ARM, PPC, or Mips binaries
• Discovering Vulnerabilities in firmware, device drivers, or in proprietary embedded operating systems
• Repurposing vulnerabilities for specific effects
• Static and dynamic Analysis
• Fuzzer Development
• Malware analysis
• System Emulation
If you want to create non-traditional methods of acquiring access to computer based systems AND get paid, this is the place for you.Information security continues to be a growth industry and we are constantly looking to find the right candidates who can do this challenging work.
Familiarity with at least one common low-level architecture (x86, ARM, etc) is important, as is the ability to conduct vulnerability research against applications compiled for that architecture. Experience with software protection and binary armoring is a plus, and familiarity with modern exploit mitigation techniques and counter-measures is a must. Experience with one of the four platforms: specific platform: Windows, Linux, iOS, embedded. 2-4 years of related experience.
Development experience is desired, but at least some scripting experience is required. Whether in python, ruby, or some other language, you should be capable of quickly developing the instruments needed to help you succeed in your reverse engineering and vulnerability research efforts. The most capable candidates will have a variety of low-level operating systems experience as well as cross-platform vulnerability research. If you've written everything from a kernel paged pool exploit to a simple userland stack-based buffer overflow, built your own adaptable instrumentation and integrated a solver to help you identify and reach code, or modified emulators and JIT engines to add your own instrumentation to help you identify entire classes of vulnerabilities, you'll be right at home.
Candidates must be able to defeat advanced security techniques. Projects will be undertaken in small teams with close coordination with customers to quickly enhance capabilities or resolve issues in existing tools.
As the majority of our customers are government agencies, all candidates must meet the minimum qualifications for access to classified information. U.S. citizenship is required. All candidates must be able to obtain and maintain a government security clearance.
Working as part of a team you will also need to be familiar with source management tools such as GIT and team coordinating instruments like Atlassian suite of work products.
Degrees are not required for our positions, but they can be helpful. Certifications are appreciated, but not necessarily indicative of your preparedness for the day to day this position requires.
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.