Vulnerability Researcher
ARSIEM
About ARSIEM Corporation
At ARSIEM Corporation we are committed to fostering a proven and trusted partnership with our government clients. We provide support to multiple agencies across the United States Government. ARSIEM has an experienced workforce of qualified professionals committed to providing the best possible support.
As demand increases, ARSIEM continues to provide reliable and cutting-edge technical solutions at the best value to our clients. That means a career packed with opportunities to grow and the ability to have an impact on every client you work with.
ARSIEM is looking for Vulnerability Researchers, Levels 1 - 3. Candidates must have experience conduction reverse engineering of hardware, software applications, and operating systems to determine functionality, code structure, and circuit design for use in the discovery of initial access capabilities. Candidates will develop proof-of-concept exploits against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results. This position will support one of our Government clients in Ft. Meade, MD.Level 1 Vulnerability Researcher ResponsibilitiesProvide engineering and vulnerability research results related to hardware components, software applications, and operating systems to determine functionality, code structure, and system design for use in the discovery of initial access capabilities.Actively debug software and troubleshoot issues with software crashes and programmatic flowProvide written reports, proof-of-concept code, prototypes, and hands-on demonstrations of reverse engineering and vulnerability analysis results, andProvide/author and participate in technical presentations on assigned projectsLevel 1 Vulnerability Researcher QualificationsBachelor's Degree in Computer Science or related field, or minimum two (2) years experience in computer science, information systems, or network engineering Minimum two (2) years experience programming in Assembly, C, C#, C++, Perl, or Python.Minimum two (2) years of demonstrated experience in either hardware or software reverse engineering.Level 2 Vulnerability Researcher ResponsibilitiesProvide engineering and vulnerability research results related to hardware components, software applications, and operating systems to determine functionality, code structure, and system design for use in the discovery of initial access capabilities.Actively debug software and troubleshoot issues with software crashes and programmatic flowAbility to perform source code analysis in an effort to discover software flaws, andprovide/author documentation on the impact and severity of the flawAbility to develop proof-of-concept exploits against research targets, prototypes, and hands-on demonstrations of vulnerability analysis resultsProvide/author and participate in technical presentations on assigned projectsLead reverse engineering and vulnerability research of hardware components, software applications, and operating systems to determine functionality, code structure, and circuit design for the use in the discovery of initial access capabilities Level 2 Vulnerability Researcher QualificationsMeets all qualifications of a CNO Vulnerability Researcher/Analyst I, but has the following increased experience and skill levelsMinimum four (4) years experience programming in Assembly, C, C#, C++, Perl, or Python for a production environmentMinimum of five (5) years contiguous experience in computer science, information systems, or network engineering; or Bachelor's Degree in Computer Science or related field plus minimum three (3) years contiguous experienceMinimum four (4) years demonstrated experience in either hardware or software reverse engineeringLevel 3 Vulnerability Researcher ResponsibilitiesProvide engineering and vulnerability research results related to hardware components, software applications, and operating systems to determine functionality, code structure, and system design for use in the discovery of initial access capabilities.Lead efforts to debug software and troubleshoot issues with software crashes and programmatic flowAbility to perform source code analysis in an effort to discover software flaws, and provide/author documentation on the impact and severity of the flawAbility to develop robust exploits (advancements beyond initial proof-of-concept such as version coverage, decreased failure rate, handling edge cases, etc.) against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results Edit/Approve and participate in technical presentations on assigned projectsSubject Matter Expert and Leader of at least one technology area responsible for reverse engineering and vulnerability analysis of hardware components, software applications, and operating systems to determine functionality, code structure, and circuit design for the use in the discovery of initial access capabilities Level 3 Vulnerability Researcher QualificationsMeets all qualifications of a CNO Vulnerability Researcher/Analyst II, but has the following increased experience and skill levelsProven results from participation in vulnerability discovery efforts within the last twelve (12) monthsDemonstrated ability to discover multiple previously unknown vulnerabilities (0-day) across multiple versions of similar technologies.Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) that achieve reliable remote code execution and/or reliable privilege escalation.Desired Skills for All LevelsExperience programming in Assembly, C, C#, C++, Perl, or Python with a focus on an understanding of system interactions with these libraries vs. production-style environmentsUse of Unix/Windows system API’sUnderstanding of virtual function tables in C++Heap allocation strategies and protectionsExperience with very large software projects a plusKernel programming experience (WDK / Unix||Linux) a significant plusHardware/Software reverse engineering, which often includes the use of tools (e.g., IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application.For Hardware reverse engineering, candidates are expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware (e.g., not interested in FPGA reverse engineering, or other circuit reverse engineering).Candidates who can merge low-level knowledge about the compilation of C/C++ code with a nuanced understanding of system design to identify and exploit common vulnerability patterns. Candidates should be comfortable with, at a minimum, user-mode stack-based buffer overflows, and heap-based exploitation strategies.Desired Qualifications
Clearance Requirement: This position requires an active TS/SCI with a polygraph. You must be a US Citizen for consideration. Candidate Referral: Do you know someone who would be GREAT at this role? If you do, ARSIEM has a way for you to earn a bonus through our referral program for persons presenting NEW (not in our resume database) candidates who are successfully placed on one of our projects. The bonus for this position is $10,000, and the referrer is eligible to receive the sum for any applicant we are able to place within 12 months of referral. The bonus is paid after the referred employee reaches 6 months of employment.
ARSIEM is proud to be an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.
At ARSIEM Corporation we are committed to fostering a proven and trusted partnership with our government clients. We provide support to multiple agencies across the United States Government. ARSIEM has an experienced workforce of qualified professionals committed to providing the best possible support.
As demand increases, ARSIEM continues to provide reliable and cutting-edge technical solutions at the best value to our clients. That means a career packed with opportunities to grow and the ability to have an impact on every client you work with.
ARSIEM is looking for Vulnerability Researchers, Levels 1 - 3. Candidates must have experience conduction reverse engineering of hardware, software applications, and operating systems to determine functionality, code structure, and circuit design for use in the discovery of initial access capabilities. Candidates will develop proof-of-concept exploits against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results. This position will support one of our Government clients in Ft. Meade, MD.Level 1 Vulnerability Researcher ResponsibilitiesProvide engineering and vulnerability research results related to hardware components, software applications, and operating systems to determine functionality, code structure, and system design for use in the discovery of initial access capabilities.Actively debug software and troubleshoot issues with software crashes and programmatic flowProvide written reports, proof-of-concept code, prototypes, and hands-on demonstrations of reverse engineering and vulnerability analysis results, andProvide/author and participate in technical presentations on assigned projectsLevel 1 Vulnerability Researcher QualificationsBachelor's Degree in Computer Science or related field, or minimum two (2) years experience in computer science, information systems, or network engineering Minimum two (2) years experience programming in Assembly, C, C#, C++, Perl, or Python.Minimum two (2) years of demonstrated experience in either hardware or software reverse engineering.Level 2 Vulnerability Researcher ResponsibilitiesProvide engineering and vulnerability research results related to hardware components, software applications, and operating systems to determine functionality, code structure, and system design for use in the discovery of initial access capabilities.Actively debug software and troubleshoot issues with software crashes and programmatic flowAbility to perform source code analysis in an effort to discover software flaws, andprovide/author documentation on the impact and severity of the flawAbility to develop proof-of-concept exploits against research targets, prototypes, and hands-on demonstrations of vulnerability analysis resultsProvide/author and participate in technical presentations on assigned projectsLead reverse engineering and vulnerability research of hardware components, software applications, and operating systems to determine functionality, code structure, and circuit design for the use in the discovery of initial access capabilities Level 2 Vulnerability Researcher QualificationsMeets all qualifications of a CNO Vulnerability Researcher/Analyst I, but has the following increased experience and skill levelsMinimum four (4) years experience programming in Assembly, C, C#, C++, Perl, or Python for a production environmentMinimum of five (5) years contiguous experience in computer science, information systems, or network engineering; or Bachelor's Degree in Computer Science or related field plus minimum three (3) years contiguous experienceMinimum four (4) years demonstrated experience in either hardware or software reverse engineeringLevel 3 Vulnerability Researcher ResponsibilitiesProvide engineering and vulnerability research results related to hardware components, software applications, and operating systems to determine functionality, code structure, and system design for use in the discovery of initial access capabilities.Lead efforts to debug software and troubleshoot issues with software crashes and programmatic flowAbility to perform source code analysis in an effort to discover software flaws, and provide/author documentation on the impact and severity of the flawAbility to develop robust exploits (advancements beyond initial proof-of-concept such as version coverage, decreased failure rate, handling edge cases, etc.) against research targets, prototypes, and hands-on demonstrations of vulnerability analysis results Edit/Approve and participate in technical presentations on assigned projectsSubject Matter Expert and Leader of at least one technology area responsible for reverse engineering and vulnerability analysis of hardware components, software applications, and operating systems to determine functionality, code structure, and circuit design for the use in the discovery of initial access capabilities Level 3 Vulnerability Researcher QualificationsMeets all qualifications of a CNO Vulnerability Researcher/Analyst II, but has the following increased experience and skill levelsProven results from participation in vulnerability discovery efforts within the last twelve (12) monthsDemonstrated ability to discover multiple previously unknown vulnerabilities (0-day) across multiple versions of similar technologies.Demonstrated ability to discover multiple previously unknown vulnerabilities (0-day) that achieve reliable remote code execution and/or reliable privilege escalation.Desired Skills for All LevelsExperience programming in Assembly, C, C#, C++, Perl, or Python with a focus on an understanding of system interactions with these libraries vs. production-style environmentsUse of Unix/Windows system API’sUnderstanding of virtual function tables in C++Heap allocation strategies and protectionsExperience with very large software projects a plusKernel programming experience (WDK / Unix||Linux) a significant plusHardware/Software reverse engineering, which often includes the use of tools (e.g., IDA Pro, Ghidra, Binary Ninja) to identify abstract concepts about the code flow of an application.For Hardware reverse engineering, candidates are expected to have performed analysis of embedded devices, focusing primarily on identifying the software stack and points of entry to the hardware (e.g., not interested in FPGA reverse engineering, or other circuit reverse engineering).Candidates who can merge low-level knowledge about the compilation of C/C++ code with a nuanced understanding of system design to identify and exploit common vulnerability patterns. Candidates should be comfortable with, at a minimum, user-mode stack-based buffer overflows, and heap-based exploitation strategies.Desired Qualifications
Clearance Requirement: This position requires an active TS/SCI with a polygraph. You must be a US Citizen for consideration. Candidate Referral: Do you know someone who would be GREAT at this role? If you do, ARSIEM has a way for you to earn a bonus through our referral program for persons presenting NEW (not in our resume database) candidates who are successfully placed on one of our projects. The bonus for this position is $10,000, and the referrer is eligible to receive the sum for any applicant we are able to place within 12 months of referral. The bonus is paid after the referred employee reaches 6 months of employment.
ARSIEM is proud to be an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age, or any other federally protected class.
Confirm your E-mail: Send Email
All Jobs from ARSIEM