Vulnerability Research/Reverse Engineer-Remote Work
L3Harris is dedicated to recruiting and developing diverse, high-performing talent who are passionate about what they do. Our employees are unified in a shared dedication to our customers’ mission and quest for professional growth. L3Harris provides an inclusive, engaging environment designed to empower employees and promote work-life success. Fundamental to our culture is an unwavering focus on values, dedication to our communities, and commitment to excellence in everything we do.
L3Harris Technologies is an agile global aerospace and defense technology innovator, delivering end-to-end solutions that meet customers’ mission-critical needs. The company provides advanced defense and commercial technologies across air, land, sea, space and cyber domains. L3Harris has approximately $18 billion in annual revenue and 48,000 employees, with customers in more than 100 countries.
Job Title: Vulnerability Research / Reverse Engineer-Remote Work
Job Code: SAS20211204-59516
L3Harris is currently seeking a security researcher to join our team. This individual will perform reverse engineering tasks associated with vulnerability detection and manipulation of targeted systems. This position requires 10% travel to classified sites and is largely a remote/work-from-home opportunity. This is an extremely exciting position working with National Security customers to protect and defend our nation. Don’t join a job, join a mission. L3Harris Technologies is seeking the best of the best to lead our Security Vulnerability and RE efforts for our customers.
Senior to Expert-level familiarity in most of the areas below:
- Architectures: AARCH32, AARCH 64, C66x, Hexagon, MIPS, x86/x64
- Platforms: Android, iOS, Linux, QSEck, QuRT, ThreadX
- Protocols: Cellular Protocols, 802.11, Bluetooth, BTLE, HTTP/S, IP, RTP, SSL/TLS, TCP, UDP
- Privilege Levels: Bootchain, Kernelmode, LPE, RCE, Sandbox Escape, TrustZone, Usermode
- Reverse Engineering Tools: ApkTool, Binary Ninja, BinDiff, Binwalk, Dex2Jar, Diaphora, GDB, Ghidra, JTAG, Hex-rays IDA
- Experience with Fuzzing: AFL, AFL++, AFLSmart, QEMU, Unicorn
- Development Applications: Eclipse, Clang/LLVM, CMake, CCS
- Circumventing security protection methods and techniques (e.g. DEP, ASLR, etc)
- Developing proof of concept code
- Creating detailed technical reports to document findings
- Working knowledge of Application Binary Interfaces such as calling conventions, system calls, alignments, processor instruction sets, and object files
- Experience with scripting in Bash and/or Python
- Self-starter/motivated – ability to work through complex problems individually or with little direction
- Conducting vulnerability scans and recognizing vulnerabilities in security systems.
- Detecting host and network-based intrusions via intrusion detection technologies (e.g., Snort)
- Skill in mimicking threat behaviors and use of penetration testing tools and techniques
- Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Ability to identify systemic security issues based on the analysis of vulnerability and configuration data
- Ability to apply programming language structures (e.g., source code review) and logic
- Remote work supported
- Bachelor’s degree or 9 years of prior relevant work experience; or
- Graduate Degree with equivalent with 7 years of prior related experience.
- Industry specific experience:
- Vulnerability Research Experience
- Reverse Engineering Experience
- C/C++ Experience
Preferred Additional Skills:
- RF/Software Defined Radio: BladeRF, HackRF, RTL, Ubertooth, USRP
- Excellent spoken and written communication skills capable of explaining complex and diverse technical details to higher and lower levels, including their "so-what" impact to customer/business
- Proficiency with IDA, Ghidra, Binary Ninja, and/or radare
- Proficiency with debuggers such as GDB, LLDB, WinDBG, or OllyDbg
- Experience with RISC architectures
- Experience with prevalent radio communication protocols
- Experience with operating system internals including solid knowledge of information security, computer architecture, software and hardware protection schemes, and virtualization theory
- Experience with userland and kernel mode debugging, including debugging in embedded environments
- Experience writing custom IDA loaders, processor modules, IDA python, and Hex-Rays de-compiler plugins
- Knowledge of fault injection frameworks, fuzzing and virtualization
- Experience working as a Technical Lead is a plus
- Prior Offensive Cyber experience in the USG/Military
- GIAC/ISC2/CEH Certifications
- SECRET Clearance or higher is preferred
In compliance with Colorado’s Equal Pay for Equal Work Act, the salary range for this role in Colorado is $125,500 - $233,000 (salary ranges in other locations could differ). This is not a guarantee of compensation or salary, as final offer amount may vary based on factors including but not limited to experience and geographic location. L3Harris also offers a variety of benefits including: health and disability insurance, 401(k) match, flexible spending accounts, EAP, education assistance, parental leave, paid time off, and company-paid holidays. The specific programs and options available to an employee may vary depending on date of hire, schedule type, and the applicability of collective bargaining agreements.
#reverse #reverseengineering #vulnerability #IDApro #x64 #x86 #securityresearch #hacker #remote #telework #telecommute #workfromhome
Please be aware many of our positions require the ability to obtain a security clearance. Security clearances may only be granted to U.S. citizens. In addition, applicants who accept a conditional offer of employment may be subject to government security investigation(s) and must meet eligibility requirements for access to classified information.
By submitting your résumé for this position, you understand and agree that L3Harris Technologies may share your résumé, as well as any other related personal information or documentation you provide, with its subsidiaries and affiliated companies for the purpose of considering you for other available positions.
L3Harris Technologies is proud to be an Affirmative Action/Equal Opportunity Employer. L3Harris is committed to treating all employees and applicants for employment with respect and dignity and maintaining a workplace that is free from unlawful discrimination. All applicants will be considered for employment without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender (including pregnancy, childbirth, breastfeeding or other related medical conditions), gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, characteristic or membership in any other group protected by federal, state or local laws. L3Harris maintains a drug-free workplace and performs pre-employment substance abuse testing and background checks, where permitted by law.