Company: BITS, a CACI Company
Summary: Come join CACI's exciting and cutting-edge Cyber Capabilities and Development Division (C2D2) as we push the envelope to enable our nation's cyberspace operations! In C2D2, there isn't a day that goes by where you won't be challenged and have the opportunity to grow in an environment of innovation and fun! Although CACI is a mid- to large-sized company, C2D2 operates like an independent small agile business, developing and executing on both long-term projects, as well as, Quick Reaction Capability development, rapid acquisition, and short-term deliverables. We approach our Customers as mission partners and focus on mission-oriented capabilities that deliver tip-of-the-spear force multiplying effects. In short, we believe in our mission, our team, and our solutions!
As a Vulnerability Researcher, you will analyze systems to understand how they work, where they have weaknesses, and how they behave when they break. This analysis crosses the disciplines of hardware, software and firmware. As such, our Vulnerability Researchers must be both comfortable disassembling and assembling systems and equipment, and also somewhat conversant in coding.
Duties and Responsibilities:
- Reverse engineer Customer Furnished Equipment, Commercial-Off-The-Shelf (COTS) equipment, and other equipment to understand how the system hardware, software and firmware operate together.
- Analyze the system and identify exploitable vulnerabilities.
- Develop vulnerability research and reverse engineering reports with sufficient depth and detail such that cyber capability developers can translate the reports into technical requirements for cyber tools and/or products that exploit system weaknesses.
- Conduct detailed source code reviews of custom developed solutions, to include static and runtime analysis to identify security vulnerabilities and performance bottlenecks.
- Contribute to the development of highly technical hardware and software cyber solutions that interact with industrial, military, communications, aerospace, and other applications, applying principles and techniques of computer science, engineering, and mathematical analysis.
- Develop and/or support development of system documentation (requirements analysis, testing procedures, configuration management, user guides, etc.).
- Experience with C/C++, Python, Java, Ruby (minimum one scripting and one programming langugage)
- 5 or more of the "desired skills" below
- Understanding of OS Internals (binaries associated with any major OS)
- Experience reading or writing assembly (x86, x64, ARM, PPC, MIPS, SPARC, 68k, or others)
- Experience developing embedded systems and tools
- Understanding of network protocols (TCP/IP stacks, wire-level protocols, RF communications, BGP, routing protocols, or others)
- Understanding of exploit mitigations such as DEP and ASLR
- Experience using reverse engineering tools such as IDA Pro, HexRays, or objdump
- Experience using debuggers such as gdb, WinDbg, OllyDbg
- Conducted penetration testing (able to use tools such as Metasploit)
- Experience with fuzzing tools (e.g. AFL, Peach) and interpreting crash reports that result from fuzzing
- Have participated in multiple CTF eventsEDUCATION & EXPERIENCE:
Typically requires a bachelor's degree or equivalent and seven to nine years of related experience.
Normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. Some travel may be required.