Offensive Threat Researcher
About the role
Draper’s Offensive Cyber Security Group is seeking talented professionals to develop tailored solutions to meet Department of Defense (DoD) and Intelligence Community (IC) sponsor directives. Our organization’s not-for-profit status enables a focus on the United States of America’s national interests, allowing us to tackle significant national challenges.
Responsibilities
- Assess hardware and software for security vulnerabilities using a broad range of technologies and techniques.
- Develop software that meets behavior and security requirements for tailored applications.
- Integrate software capabilities with other tasks or groups to enhance performance or behavior requirements.
- Create new tools and systems to detect and exploit vulnerabilities and system weaknesses.
- Document nominal application and system functionality, along with implemented changes.
- Help define the analysis approach for a particular problem and independently execute assignments.
- Contribute high-quality content for technical reports and presentations with minimal guidance.
- Proactively identify needs and concerns associated with design decisions and communicate them to project leadership.
- Perform other related duties as assigned.
Skills/Abilities
- A curiosity-driven approach to solving complex, customer-driven problems as part of a multi-disciplinary team.
- Collaborate and communicate effectively and openly with multi-disciplinary program team members, program leadership, and non-technical personnel.
- Be a team player capable of working in a fast-paced environment with the ability to balance multiple competing tasks and demands.
Forensics and Anomaly Detection
- Proficiency with static and dynamic analysis techniques for forensic analysis and anomaly detection.
- Experience conducting in-depth technical threat analysis and research.
- Hands-on proficiency with forensic analysis tools such as: FTK Imager, X-Ways, Autopsy, Volatility.
- Proficiency in identifying persistence mechanisms, hidden processes, and malicious host-based and network-based activity.
- Proficiency in capturing and analyzing memory dumps, network logs, crash reports, and runtime logs from OS and hypervisor environments.
Program Analysis, Reverse Engineering, And Vulnerability Research
- Proficiency with modern program analysis methodologies and techniques.
- Reverse-engineering assessment techniques for software, firmware, and/or embedded systems.
- Familiarity with binary file and filesystem structures and formats.
- Familiarity with architectures and assembly: x86, ARM, Hexagon, PowerPC.
- Familiarity with core workings of operating systems (user mode, kernel mode, boot processes), particularly in Windows and GNU/Linux.
- Familiarity with network stack and internals.
Languages And Development
- Proficiency with programming languages such as: C, C++, Python, Java.
- Familiarity with scripting languages such as: Bash, Powershell.
- Familiarity with development environments for GNU/Linux or Windows.
Leadership And Business Development
- Successful history in authoring technical proposals and documents.
- Leadership in advanced R&D initiatives, including government-funded projects.
- Leadership of critical programs with more than two full-time staff members.
- Proficient in teamwork and communication with diverse audiences.
Benefits
The US base salary range for this full-time position is $75,000.00 - $156,000.00. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Union ranges will be in compliance with the collective bargaining agreement's approved rates by location and role.
Pay
Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonuses or benefits.
Schedule
Full-time position.