Exploit Developer Parsons Corporation
Centreville, VA

Job Description

Exploit Developer

Centreville, VA

Must be able to obtain a Top Secret Clearance

Are you an experienced vulnerability researcher and/or reverse engineer looking for an exciting and intellectually challenging environment focused on embedded and IoT devices?

Parsons is seeking experienced, motivated, and spirited Exploit Developers to join our growing and exceptionally talented VR team. Ideal candidates must possess strong analytical skills, have an aptitude for creatively solving problems, and be eager to take on hard and challenging problems. They must also possess strong verbal and written communication skills, enjoy working collaboratively on a team and aspire to continuous learning and development of their tradecraft.

Responsibilities:

* Work collaboratively on a team to satisfy customer goals and mission objectives.
* Use reverse engineering skills to decode and analyze the protocols, firmware code, and other internals of embedded and IoT devices to discover vulnerabilities.
* Develop Proof-of-Concept code in a scripting language to demonstrate execution control and viability of discovered vulnerabilities.
* Document discovered vulnerabilities and support building a comprehensive knowledgebase of discovered vulnerabilities.
* Contribute to the team's continuous learning and advancement of the vulnerability discovery and exploitation techniques, methodology, and technologies.

Required Qualifications:

* B.S. in Computer Science, Computer Engineering, Mathematics, or Information Security with 10+ years of total technical experience.
* 5+ yrs of experience with at least one operating systems platform - Android, Linux, or Windows
* Experience with the construction and code execution of programs written in assembly, C, and C++
* Experience with programming in at least one scripting language (e.g. Python, Ruby, Bash)
* Proof of US citizenship
* Ability to obtain and maintain a security clearance

Preferred Qualifications:

* Active Top Secret security clearance
* Familiarity with software security protections and mitigations (e.g. ASLR, DEP, Stack Guards)
* Familiarity with common code and protocol analysis tools (e.g. WinDbg, IDA Pro, Ghidra, GDB, OllyDbg, BurpSuite, Fuzzers, NetworkMiner, Wireshark)
* Familiarity with exploitation frameworks, such as Metasploit and/or Routersploit
* Experience with the low-level execution of at least two architectures (e.g. x86, x86-64, MIPS, ARM, PowerPC, Tile, VxWorks)
* Experience with the common analysis techniques: code debugging and decompilation, memory analysis, network and wireless protocol analysis
* Experience with different classes of coding flaws (e.g. logic, integer/stack/heap overflows, use-after-free, race conditions)