Jobs · Information Technology · Colorado

Cybersecurity Researcher Reverse Engineer

National Laboratory of the Rockies · Golden, CO · 4 wk ago
Information Technology$120k–$217k/yrFull-time

About the role

The National Renewable Energy Laboratory (NLR) is seeking a skilled Cybersecurity Researcher Reverse Engineer to join our Cyber Threat Analysis Group, within the Cybersecurity Research Center. This role requires candidates to analyze, deconstruct, and evaluate the security of highly complex embedded devices and systems that are critical to the nation's energy infrastructure and national security.

Responsibilities

  • Design and deploy advanced discovery techniques against black-box embedded systems.
  • Implement custom fuzzing harnesses for hardware-in-the-loop and emulated environments.
  • Develop robust, weaponized proof-of-concept (PoC) exploits for constrained environments.
  • Bypass embedded exploit mitigations.
  • Write custom shellcode and achieve persistent execution within RTOS or bare-metal environments.
  • Intercept, reverse engineer, and exploit communications across all layers.
  • Analyze local hardware buses (CAN, I2C, SPI), industrial control protocols (Modbus, DNP3, IEC 61850 GOOSE/SV, CIP/EtherNet/IP), and modern Smart Grid/EV protocols (OCPP, IEEE 2030.5, MQTT).
  • Perform static and dynamic analysis of compiled binaries, RTOS (e.g., VxWorks, QNX, FreeRTOS), and bare-metal systems.
  • Reverse engineer boot sequences, evaluate kernel-level internals, and identify privilege escalation vectors from user-space tasks to the kernel or hypervisor.
  • Defeat hardware security mechanisms and extract firmware using debug interfaces (JTAG, UART, SWD).
  • Execute advanced hardware attacks, including side-channel analysis and fault injection (glitching), to extract cryptographic keys or bypass authentication.
  • Translate highly technical vulnerability findings and exploitation mechanics into actionable intelligence.
  • Brief technical peers, leadership, and federal stakeholders on systemic risks to critical infrastructure and propose hardware/software mitigations.

Qualifications

  • Researcher IV: Relevant PhD and 4 or more years of experience . Or, relevant Master's Degree and 7 or more years of experience . Or, relevant Bachelor's Degree and 9 or more years of experience .
  • Researcher III: Relevant PhD . Or, relevant Master's Degree and 3 or more years of experience . Or, relevant Bachelor's Degree and 5 or more years of experience .

Benefits

  • Medical, dental, and vision insurance.
  • Short*-and long-term disability insurance.
  • Pension benefits*.
  • 403(b) Employee Savings Plan with employer match*.
  • Life and accidental death and dismemberment (AD&D) insurance.
  • Personal time off (PTO) and sick leave.
  • Paid holidays.
  • Tuition reimbursement*.

Pay

Annual Salary Range (based on full-time 40 hours per week): Researcher IV - $120,400 - $216,700; Researcher III - $100,400 - $180,700.

Schedule

NLR operates on a standard 40-hour workweek.

Similar jobs

Reverse Engineer Researcher

Software Engineering Institute | Carnegie Mellon UniversityPittsburgh, PA· 1 mo ago
Engineeringapply on cmu.wd5.myworkdayjobs.com

Reverse Engineer Researcher

Software Engineering Institute | Carnegie Mellon UniversityArlington, VA· 8 mo ago
Information Technologyapply on cmu.wd5.myworkdayjobs.com