iOS Vulnerability Researcher - NOVA - Military veterans preferred

2018-12-28
Raytheon (www.raytheon.com)
Other

/yr

  full-time   employee


Arlington
Virginia
United States

Seeking iOS Vulnerability Researcher for Raytheon Cyber Security Innovations (CSI) in Arlington, VA and Dulles, VA.

Our engineers solve cutting-edge problems involving rarely studied system internals, custom deployment scenarios, and multi-platform effects. Candidates will analyze mobile devices to understand how they work and how they behave when broken. Candidates must play both sides of the fence in developing and defeating advanced security techniques. Projects are undertaken in small teams with close coordination with customers. All of our engineers write code, but many spend as much time taking systems apart as building them. A typical day may involve studying disassembly or writing Python to audit Swift, Objective-C, or C/C++ code.

At Raytheon CSI, we take our work and our fun seriously. We refuse work that isn’t impactful and engaging, ensure our engineers have the tools to excel, and focus on recognizing superb results. CSI research and development projects cover the spectrum of security technologies for Computer Network Operations; if it runs code, somebody in our office has looked at it.


Required Skills:

  • Deep understanding of iOS internals
  • Experience reading or writing ARM assembly
  • Experience with Swift and Objective-C, and C/C++
  • Knowledge of common vulnerability classes (Overflows, Use after Free, Information Disclosure, Race Conditions)
  • 5 or more of the desired skills listed below


Desired Skills:
  • Darwin kernel internals (mach, libkern, I/O kit)
  • Safari or Chrome internals
  • Experience with Xcode and instruments
  • Experience developing embedded systems
  • Experience using debuggers such as WinDBG, DDMS, or gdb
  • Experience using reverse engineering tools such as IDA Pro, HexRays, Binary Ninja, or objdump
  • Experience jailbreaking iOS devices
  • Knowledge of iOS application and core frameworks
  • Knowledge of iOS keychain
  • Knowledge of iOS filesystem idiosyncrasies
  • Knowledge of iOS security model (secure boot chain, secure enclave, code signing, data and rest encryption)
  • Knowledge of ARMv8a 64-bit
  • Understanding of network protocols (TCP/IP stacks, RF communications, routing protocols, or others)
  • Understanding of exploit mitigations (ASLR, W^X, code signing)
  • Familiarity with Computer Network Operations
  • Active U.S. Government Security Clearance


Security Clearance:

U.S. Citizenship is required. Qualified applicants will be subject to a security investigation and must meet the requirements to obtain and maintain a TS/SCI government security clearance.


Our Interviews:

Our interviews are technical. Come prepared to tell us about your technical background and interests as well as to work through some of our questions on a computer or whiteboard. We hope candidates find our questions to be thought provoking, but we don’t ask brain teasers or tricks. This is a chance to have a dialog with our team, and we hope you will enjoy it!
128996BR 128996

Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.