iOS Vulnerability Researcher - Military veterans preferred
2018-09-29 Raytheon (www.raytheon.com)
State College Pennsylvania United States
Seeking IOS Vulnerability Researcher for Raytheon Cyber Security Innovations (CS), formerlly Centers of Innovation (COI) at Arlington and Dulles in Virginia. Candidates will analyze mobile devices to understand how they work and how they behave when broken. Candidates must play both sides of the fence in developing and defeating advanced security techniques. Projects are undertaken in small teams with close coordination with customers. All of our engineers write code, but many spend as much time taking systems apart as building them. A typical day may involve studying disassembly or writing Python to audit Swift, Objective-C, or C/C++ code.
We refuse any work that isn’t hard and engaging, we ensure our engineers have the tools they need to do their jobs, and we focus on recognizing results. Our research and development projects cover the spectrum of security technologies for computer network operations. If it runs code, somebody in our office has looked at it.
Deep understanding of IOS internals
Experience reading or writing ARM assembly
Experience with Swift and Objective-C, and C/C++
Knowledge of common vulnerability classes (Overflows, Use after Free, Information Disclosure, Race Conditions)
5 or more of the desired skills listed below
Darwin kernel internals (mach, libkern, I/O kit)
Safari or Chrome internals
Experience with xcode and instruments
Experience developing embedded systems
Experience using debuggers such as WinDBG, DDMS, or gdb
Experience using reverse engineering tools such as IDA Pro, HexRays, Binary Ninja, or objdump
Experience jailbreaking IOS devices
Knowledge of IOS application and core frameworks
Knowledge of IOS keychain
Knowledge of IOS filesystem idiosyncrasies
Knowledge of IOS security model (secure boot chain, secure enclave, code signing, data and rest encryption)
Knowledge of ARMv8a 64-bit
Understanding of network protocols (TCP/IP stacks, RF communications, routing protocols, or others)
Understanding of exploit mitigations (ASLR, W^X, code signing)
Qualified applicants may be subject to a security investigation and must meet minimum qualifications for access to classified information. U.S. citizenship is required. Qualified applicants must meet the requirements to obtain and maintain a TS/SCI government security clearance.
Our interviews are technical. Come prepared to tell us about your technical background and interests as well as to work through some of our questions on a computer or whiteboard. We hope candidates find our questions to be thought provoking, but we don’t ask brain teasers or tricks. This is a chance to have a dialog with our team, and we hope you will enjoy it! 112744
Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.