Cambridge, MA, USA
41 days ago
Senior Embedded Vulnerability Researcher

Overview:

Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.

Job Description Summary:

Draper’s Offensive Cyber Security Group is looking for dedicated individuals to develop tailored solutions to meet our DoD and IC Sponsor directives. Our organization's not-for-profit status ensures a capability-driven focus on the United States of America's national interests that allows us to address some of our Nation's most pressing challenges. Due to the variety of USG organizational needs, our technical efforts and opportunities vary from conventional cyber operations enablement tooling to embedded vulnerability research and exploit development on a wide range of devices and systems.

Job Description:

• Assess hardware and software for security vulnerabilities using a breadth of technologies and techniques.
• Develop software that meets behavior and security requirements for tailored applications.
• Integrate software capabilities with other tasks or groups to improve performance or behavior requirements.
• Create new tools and systems to detect and exploit vulnerabilities and system weaknesses.
• Document nominal application and system functionality, in addition to implemented changes.
• Drive solutions to complex problems with limited direction – contribute to requirements. development, propose ways forward, and adapt appropriately to changes in requirements.
• Provides insight and suggest design modifications based on analysis outcomes, and to apply analysis techniques across a range of technical disciplines.
• Identifies program/system-level technical risks and develop and execute mitigation strategies.
• Actively mentor less experienced engineers and provide thoughtful, constructive feedback.
• Performs other related duties as assigned.
• Curiosity-driven approach to solving complex, customer-driven problems as part of a multi-disciplinary team.
• Collaborate and communicate effectively and openly with multi-disciplinary program team members, program leadership, and non-technical personnel.
• Be a team player able to work in a fast-paced environment with the ability to balance multiple competing tasks and demands.

Education
Requires a bachelor's in computer science, computer engineering, or related field.

Experience
5-10 years of experience in Cybersecurity or related field is required.

Additional Job Description:

Program Analysis, Reverse Engineering, and Vulnerability ResearchProficiency with modern program analysis methodologies and techniques Reverse-engineering assessment techniques for firmware or embedded systemsFamiliarity with binary file and filesystem structures and formatsHands-on proficiency with reverse engineering tooling such as: Ghidra, IDA, GDB, RRHands-on proficiency with physical instrumentation or hardware modification, solderingExperience with JTAG/SWD/BDM, and eMMC/NAND/SPI flash data extractionExploitation techniques for embedded devices across platforms and architecturesFamiliarity of network stack and internalsFamiliarity of operating system internals throughout user mode, kernel mode, and during boot processes for at least one of the following: GNU/Linux, RTOSFamiliarity with architectures and assembly: x86, ARM, Hexagon, PowerPCLanguages and Development:Proficiency with programming languages such as: C, C++, Python, JavaFamiliarity with scripting languages such as: Bash, PowershellFamiliarity in development environments for GNU/Linux or WindowsLeadership and Business Development:Successful history in authoring of technical proposals and documentsLeadership in advanced R&D initiatives, including government-funded projectsLeadership of critical programs with more than two full time staff membersProficient in teamwork and communication with diverse audiences

Preferred Qualifications:

Experience with side channel attacks (glitching) to place components and/or devices into altered states to bypass protections.Familiarity with custom filesystem extraction and modification, removal and/or regeneration of OOB/CRC data.Familiarity with bus and protocol analysis.

Applicants selected for this position must be required to obtain and maintain a government TS/SCI security clearance.

Connect With Draper for Future Opportunities! If you don't find the right posting in our Career Opportunities, you may submit your resume for future consideration.

Job Location - City:

Cambridge

Job Location - State:

Massachusetts

Job Location - Postal Code:

02139-3563

Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers.

Equal Employment Opportunity:

Draper is committed to creating a diverse environment and is proud to be an affirmative action and equal opportunity employer. We understand the value of diversity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. Draper is committed to providing access, equal opportunity and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@draper.com.

Confirm your E-mail: Send Email