Vulnerability Researcher Parsons Corporation
Centreville, VA

Job Description

Vulnerability Researcher

Centreville, VA

Opportunity

Do you like new challenges every day? Do you thrive in dynamic real-time situations? We're looking for smart creative problem solvers to work with our customers in an operational environment creating software tools that meet critical national security needs and make the world a safer place. We need reverse engineers who can analyze a variety of binary software products, environments and programming languages/frameworks/platforms (MIPS, PowerPC, ARM, RTOS) You will be an integral member of a highly-skilled and dynamic team developing state of the art full spectrum cyber capabilities. Responsibilities include analyzing and deconstructing software applications and protocols, identifying potential attack vectors of all types on all platforms, triage, categorization, and analysis of discovered vulnerabilities and development of proof of concept (PoC) code. At Parsons, we specialize in solving complex problems on a daily basis. We have a roster including some of the best and the brightest in the industry, and we provide a great place to grow your career.

Required Qualifications:

* 5 years overall engineering experience with 2 yrs of Vulnerability research and/or Reverse engineering.
* U.S. citizenship is required.
* Active Top Secret Security Clearance with SCI eligibility

Desired Experience:

* Software reverse engineering - Experience using disassembler tools (e.g. IDA Pro, Ghidra) and creative techniques to analyze how an embedded application works and processes data.
* Experience identifying zero days including memory corruption bugs, for example stack overflows, heap overflows, integer overflows, logical flaws.
* Experience with mitigation techniques (ASLR, stack cookies, non-executable memory).
* File format reverse engineering - Experience determining how files are structured, understanding the standard methods for encoding data from Base64 to ASN1.
* Encryption - A good understand of how symmetrical and asymmetrical encryption works, certificate chain of trust, crypto weaknesses etc.
* Protocol Analysis - Knowledge of how IP/Serial based protocols work and how to reverse their format including checksums, MACs, encoding formats, HTTP, XML etc.
* Fuzzing - Experience of writing and running fuzzers, understanding of the differences between dumb and more intelligent fuzzers, and how reverse engineering feeds the process.
* Coding - The ability to quickly write programs to accomplish point solutions in languages like Python, C, C++, C#, PHP.
* Code Review - The ability to review source code to identify bugs and vulnerabilities.
* Operating Systems Architecture - Knowledge of how operating systems work from "user land" code right through to the kernel.

Applicants selected for employment will be subject to a Federal background investigation and must meet additional eligibility requirements for access to classified information or materials.Applicants selected for employment will be subject to a Federal background investigation and must meet additional eligibility requirements for access to classified information or materials.

Ready for action? We're looking for the kind of people who see this opportunity and don't hesitate to act. Parsons is a leader in the world of technical services. We hire people with a broad set of technical skills who have proven experience tackling some of the greatest challenges. Take your next step and apply today.