Android Security Researcher

Parsons Commercial Technology Group Inc. Springfield, VA

Are you a dark knight disguised as a software developer? Do you like working on critical missions? Have you performed brain surgery on an Android device? If so, we need to talk.

This role is focused on software development on mobile devices and platforms within a team of developers, reverse engineers, and weapons specialists. The candidate will need to have experience of binary reverse engineering and software vulnerability discovery with a focus on Android technologies, ARM, and/or Linux Kernels.

Work will involve direct interaction with customers and other contractors to participate in the design and development process. The candidate will work closely with the customer in the deployment and support of new and ongoing operations. We are focused on providing our customers with unique capabilities and expertise that other company's lack. We operate as a high-performance team focused on maintaining the top technical talent to perform the customer mission – our number one priority. The ideal candidate is someone that is enamored by technology and eager to sink his or her teeth into something new.

Required Qualifications:

* 3 years overall software engineering experience

* 1 year of vulnerability research and/or Reverse engineering

* 1 year of recent experience with Android internals, ARM, and/or Linux Kernels

Desired Qualifications:

* Software reverse engineering – Experience using IDA Pro to determine how an application works and processes data. This could include x86, ARM, ARM64 etc.

* Experience identifying zero days including memory corruption bugs for example stack overflows, heap overflows, integer overflows, logical flaws.

* Experience with mitigation techniques (ASLR, Stack cookies, non-executable memory).

* File format reverse engineering – Experience determining how files are structured, understanding the standard methods for encoding data from Base64 to ASN1.

* Encryption - A good understand of how symmetrical and asymmetrical encryption works, certificate chain of trust, crypto weaknesses etc.

* Protocol Analysis - Knowledge of how IP/Serial based protocols work and how to reverse their format including checksums, MACs, encoding formats, HTTP, XML etc.

* Fuzzing - Experience of writing and running fuzzers, understanding of the differences between dumb and more intelligent fuzzers, and how reverse engineering feeds the process.

* Coding - The ability to quickly write programs to accomplish point solutions in languages like Python, C, C++, C#, PHP.

* Code Review - The ability to review source code to identify bugs and vulnerabilities.

* Operating Systems Architecture - Knowledge of how operating systems work from "user land" code right through to the kernel.

Applicants selected for employment will be subject to a Federal background investigation and must meet additional eligibility requirements for access to classified information or materials.

U.S. citizenship is required.