Vulnerability Researcher, Senior (TS/SCI w/Poly)

Ready for a challenge that will keep you on the edge of cybersecurity? Are you an experienced vulnerability researcher and reverse engineer who thrives in a fast-paced environment working with a collaborative team? 
 

If so, then apply today and be part of a team that supports the United States Cyber Command (USCC), where you will have a significant impact on the mission. Join our team of best-in-industry cyber warriors dedicated to providing superior service in support of national defense objectives. 

What You'll Be Doing: 

• Conduct advanced vulnerability research and reverse engineering on target software and hardware systems to identify exploitable weaknesses for cyberspace capability development. 

• Perform technical analysis of target platforms, including discovery of zero-day vulnerabilities through fuzzing and code analysis. 

• Reverse engineer software applications, firmware, and hardware components using disassemblers, debuggers, and binary analysis tools. 

• Perform vulnerability discovery through automated fuzzing, manual code review, and dynamic/static analysis techniques. 

• Develop proof-of-concept exploits to validate vulnerability findings and assess operational utility. 

• Analyze target system architectures, protocols, and security mechanisms to identify attack surfaces and weakness patterns. 

• Document vulnerability technical details, exploitation methodology, and recommended capability development approaches. 

• Provide technical intelligence briefs to capability developers on target system weaknesses and exploitation pathways. 

• Collaborate with capability development teams to translate vulnerability research into operational tools. 

• Maintain awareness of public vulnerability disclosures, exploit techniques, and adversary tradecraft relevant to target systems. 

• Conduct limited TDY travel as mission requires. 

Minimum Qualifications:   

• Active TS/SCI with Poly 

• Bachelor’s degree in related technical field and 8+ years of related professional experience - or - Master's degree and 5+ years of related professional experience

• 3+ years conducting vulnerability research, reverse engineering, or exploit development 

• Expert proficiency with disassemblers/decompilers (IDA Pro, Ghidra, Binary Ninja) 

• Strong understanding of x86/x64/ARM assembly language and processor architectures 

• Practical experience with debuggers (WinDbg, GDB, LLDB) and dynamic analysis tools 

• Demonstrated capability discovering vulnerabilities in compiled software (C/C++/Rust applications) 

• Understanding of common vulnerability classes (memory corruption, logic flaws, race conditions) 

• Proficiency with fuzzing frameworks (AFL, libFuzzer, Honggfuzz) and corpus management 

• Strong scripting skills (Python, Ruby, or similar) for automation and analysis 

• Experience documenting technical research for both technical and operational audiences 

Preferred Qualifications:

• Experience with Windows kernel/driver reverse engineering 

• Firmware analysis and embedded systems reverse engineering 

• Network protocol analysis and vulnerability research 

• Experience with UEFI/BIOS or bootloader security analysis 

• Published vulnerability research (CVEs, conference presentations, blog posts) 

• Familiarity with symbolic execution and taint analysis tools 

• Understanding of offensive cyberspace operations workflows