Vulnerability Researcher with Security Clearance - Full-time / Part-time

Job Description Job Title: Vulnerability Researcher Labor Category: CNO Vulnerability Researcher/Analyst I, II, III Clearance: Top TS/SCI Clearance with Polygraph Location: Ft. Meade, MD About ARSIEM Corporation At ARSIEM Corporation we are committed to fostering a proven and trusted partnership to our government clients. ARSIEM has an experienced workforce of qualified professionals committed to providing the best possible support. As demand increases, ARSIEM Corporation continues to provide reliable and cutting-edge technical solutions at the best value to our clients. That means a career packed with opportunities to grow and the ability to have an impact on every client you work with. ARSIEM provides support to multiple agencies across the United States Government. That means a career packed with opportunities to grow and the ability to have impact to every person you interact with. Overview ARSIEM is looking for a Vulnerability Researcher. This position will support one of our Government clients in Ft. Meade, MD. What you will do Provide engineering and vulnerability research results related to hardware components, software applications, and operating systems to determine functionality, code structure, and circuit design for use in the discovery of initial access capabilities. What you will have Required Level I * Bachelor's Degree in Computer Science or related field or minimum two (2) years' experience in computer science, information systems, or network engineering.
* Minimum two (2) years' experience programming in Assembly, C, C#, C++, Perl, or Python for a production environment.
* Minimum two (2) years demonstrated experience in either hardware or software reverse engineering.
* Demonstrated experience and ability to: * Debug software and troubleshoot issues with software crashes and programmatic flow.
* Provide written reports, proof-of-concept code, prototypes, and hand-on demonstrations of reverse engineering and vulnerability analysis results, .
* Author and present technical presentations on assigned projects. Level II * Meets all qualifications of a CNO Vulnerability Researcher/Analyst I, but has the following increased experience and skill levels
* Minimum four (4) years' experience programming in Assembly, C, C#, C++, Perl, or Python for a production environment
* Minimum of five (5) years contiguous experience in computer science, information systems, or network engineering; or Bachelor's Degree in Computer Science or related field plus minimum three (3) years contiguous experience
* Minimum four (4) years demonstrated experience in either hardware or software reverse engineering
* Demonstrated experience and ability to: * Debug software and troubleshoot issues with software crashes and programmatic flow.
* Perform source code analysis to discover software flaws and provide/author documentation on the impact and severity of the flaw.
* Develop proof-of-concept exploits against research targets, prototypes, and hand-on demonstrations of vulnerability analysis results.
* Provide/author and participate in technical presentations on assigned projects
* Lead reverse engineering and vulnerability research. Level III * Meets all qualifications of a CNO Vulnerability Researcher/Analyst II, but has the following increased experience and skill levels. * Proven results from participation in vulnerability discovery efforts within the last twelve (12) months.
* Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) across multiple versions of similar technologies.
* Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) that ultimately achieve reliable remote code execution and/or reliable privilege escalation.
* Demonstrated experience and ability to: * Lead efforts to debug software and troubleshoot issues with software crashes and programmatic flow.
* Perform source code analysis to discover software flaws and provide/author documentation on the impact and severity of the flaw.
* Develop offensive tools
* Edit/approve and participate in technical presentations on assigned projects.
* Act as SME/lead reverse engineering efforts. Desired: * Experience programming in Assembly, C, C#, C++, Perl, or Python with a focus on an understanding of system interactions with these libraries vs. production-style environments
* Use of Unix/Windows system API's
* Understanding of virtual function tables in C++
* Heap allocation strategies and protections
* Experience with large software projects a plus
* Kernel programming experience (WDK / Unix||Linux) a significant plus
* Hardware/Software reverse engineering, which often includes the use of tools (e.g., IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application.
* For Hardware reverse engineering, candidates expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware (e.g., not interested in FPGA reverse engineering, or other circuit reverse engineering).
* Candidates who can merge low-level knowledge about compilation of C/C++ code with a nuanced understanding of system design to identify and exploit common vulnerability patterns. Candidates should be comfortable with, at a minimum, user-mode stack-based buffer overflows, and heap-based exploitation strategies. You will be * Self-motivated
* Team-oriented
* People-oriented ***CANDIDATE REFERRAL: Do you know someone who would be GREAT at this role? If you do, ARSIEM has a way for you to earn a bonus through our referral program for persons presenting NEW (not in our resume database) candidates who are successfully placed on one of our projects. The fee for this position is $10,000 and the referrer is eligible to receive the sum for any applicant we place within 12 months of referral. The fee is paid after the referred employee reaches 6 months of employment.**