Raytheon Technologies Vulnerability Researcher in Melbourne, Florida
Raytheon Technologies’ CODEX (Cyber Offense and Defense Experts) division brings together an elite team of mission-focused industry experts who are well known for their ability to overcome the most advanced technical challenges. The team comprises engineers of multiple disciplines including vulnerability research, reverse engineering, CNO/CNE development, hardware emulation, system engineering, and data analytics.
Here at CODEX, we are passionate about technical excellence and innovation. That’s why we turn away work that isn’t hard, engaging and meaningful. If you aren’t struggling to succeed, you aren’t pushing hard enough. This type of work can be draining, exhausting and demoralizing so we take our breaks seriously, too! Smash Bros, D&D and tabletop games fill our free time. Surfers and Nerf assassins roam our halls. Wicked program artwork and random memes cover our walls. We have created a relaxed work environment with an unmatched rate of mission results.
Our team covers the full life cycle of Vulnerability Research from reverse engineering and emulation, through vulnerability discovery, to productization and effects generation. Our team also covers a wide range of targets, anything form major consumer electronics to custom proprietary one-off systems. If it runs code, we have probably looked at it (or will soon.)
If you want to find and develop non-traditional methods of acquiring access to computer-based systems AND get paid, this is the place for you. Information security continues to be a growth industry and we are constantly looking to find motivated candidates who can do this challenging work.
Familiarity with at least one common low-level architecture (x86, ARM, etc.) is required, as is the ability to conduct vulnerability research against applications compiled for that architecture. Senior candidates should have multiple years of exposure to the internals of at least one major operating system (*nix, Windows, iOS/MacOS) or be very familiar with embedded operating systems. Experience with software protection and binary armoring is a plus and familiarity with modern exploitation mitigations and counter-measures is a must. Candidates at this level should be able to defeat advanced security techniques.
Five or more years of development experience is preferred and scripting experience is definitely required. Whether in Python, Ruby or some other language, you should be capable of quickly developing the tools needed to help you succeed in your reverse engineering and vulnerability research efforts. If you’ve written a kernel paged pool exploit or a simple userland stack-based buffer overflow, built your own adaptable instrumentation or integrated a solver to help you identify and reach code, you’ll be right at home.
Projects will be undertaken in small teams with close coordination with customers to quickly enhance capabilities or resolve issues in existing tools. Working as part of a team you will also need to be familiar with source management tools such as GIT and team coordination instruments like the Atlassian suite of work products. As the majority of our customers are government agencies, all candidates must meet the minimum qualifications for access to classified information. US citizenship is required. All candidates must be able to obtain and maintain a government security clearance.
5+ years of experience with C/C+
- 5+ years of experience with assembly language (x86/64, ARM, PPC, Mips, etc.)
5+ years of experience with a scripting language (Python, Ruby, etc.)
Understanding of exploit mitigations such as DEP and ASLR
5+ years of experience using reverse engineering tools (IDA Pro, BinaryNinja, and objdump)
5+ years of experience with debugging tools (WinDbg, gdb, lldb, OllyDbg)
3+ years 0-day/n-day exploitation experience
2+ years of internals experience with at least one major OS (*nix, Windows, iOS/MacOS) or embedded systems
Familiarity with source management tools
Embedded system development
Hardware debugging using JTAG/gdb
Knowledge of typical embedded systems including UART, boot-up sequences and updating devices
Full system emulation
Experience with modern C++ development, such as RAII, C++11 and C+
- Understanding of network protocols (TCP/IP stacks, wire-level protocols, RF communications, BGP, routing protocols, or others)
Degrees are not required for our positions but they can be helpful. Certifications are appreciated but not necessarily indicative of your preparedness for the day-to-day skills this position requires.
Current TS/SCI is strongly preferred
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, age, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.