Cyber System Exploitation Engineer

Our Cyber System Assessments Group performs software and hardware reverse engineering, vulnerability research and discovery, and system exploitation. We develop and prototype cutting-edge capabilities for our operational partners in the U.S. government. We look for, find, and demonstrate cyber vulnerabilities in weapons systems so that vulnerabilities in U.S. systems can be corrected, and vulnerabilities in other systems are better understood.

Our team achieves success through technical excellence in understanding and exploitation of cyber systems, threat modeling, malware, and rapid prototyping of new capabilities. Right, we get to do some serious stuff.

When you join our team as a Cyber System Exploitation Engineer you'll be contributing to the development of tools and techniques for software or hardware cyber security or cyber capability development. You'll be working with software or hardware system reverse engineering and exploitation. We define system exploitation as gaining and maintaining unauthorized control over a system. Your main areas of research include cyber tool development and system analysis of offensive or defensive cyber tools and systems, automated vulnerability discovery, reverse engineering, software protection mechanisms, static analysis and dynamic instrumentation. Once you're on our team, you'll be active in communicating your research to non-domain experts through your writing, public presentations, and hand-on training sessions you'll be participating in.

Requirements:

• B.S. degree in Computer Science, Computer Engineering or related discipline
• Proficiency in programming a high level language, such as Java, or a systems programming language, such as C
• Familiarity with one or more scripting languages, such as Python
• Understanding of an instruction set architecture, operating system design or virtualization platform design

Desired Skills (nice to have a few of these):

• Operating system internals and driver development
• Network protocols, virtualization
• Computer security, vulnerability assessment
• Measurement and metrics
• Debugging using WinDbg or similar tools,
• Static analysis using IDAPro or similar tools
• SAT/SMT solvers and/or Symbolic execution
• Dataflow analysis for compiled binaries
• Binary intermediate representations, binary translation
• Vulnerability discovery and analysis
• Virtualization implementation or instrumentation techniques
• Compiler construction
• Embedded systems firmware reverse engineering
• Anti-debugging or anti-instrumentation techniques and countermeasures and detection thereof

MIT Lincoln Laboratory is an Equal Employment Opportunity (EEO) employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; U.S. citizenship is required.