Senior Reverse Engineer

Job Description

Description

SAIC’s Advanced Technical Exploitation team provides state of the art technical exploitation and collection capabilities in digital media exploitation triage and automation, advanced technical Media Exploitation (MEDEX), and advanced Mobile Device Exploitation. Activities include digital forensics activities, software reverse engineering, hardware exploitation, parser development, reverse engineering, mobile applications development and engineering, and technical exploitation.

The Advanced Technical Exploitation team offers highly-challenging and rewarding positions with significant impact on national security and the opportunity for rapid upward mobility in the areas of computer forensics/mobile device forensics; data recovery; reverse engineering; hardware engineering; digital forensic analysis; and digital and analog electronics. We encourage our team members to share and grow their skills and expertise while creating robust and state-of-the-art solutions.

Responsibilities include, but are not limited to (candidates must have significant experience in several of the following fields):

• Isolate, review, analyze, and reverse-engineer potentially malicious programs
• Write and produce high quality technical reports related to the scope, nature, and characteristics of the malicious software suitable for distribution to both technical and non-technical audiences
• Work deep within the boot process, kernel, and system internals to devise novel solutions using tools like IDA Pro, debuggers, and in-target probes to examine behavior of binaries
• Analyze software and firmware using reverse engineering techniques to understand security vulnerabilities, working closely with teammates who value innovation and execution
• Share knowledge by clearly articulating ideas through papers and presentations to technical staff, management and customer decision makers
• Take advantage of opportunities to participate in working groups, customer meetings, proposal writing, and conferences
• Provide detailed understanding of how various attacks work at the memory and register level
• Perform in-depth analysis (dynamic/static) on malicious software (i.e., bots, worms, Trojans) resident on Microsoft® Windows and UNlX® based platforms to provide actionable intelligence; as appropriate, provide remediation recommendations
• Analyze, disassemble, and reverse engineer malicious code; document and transition results in reports, presentations and technical exchanges
• Using existing framework and within design, prototype, document, test and transition malicious code analysis methods and tools appropriate for operational use
• Proactively identify, define and advocate reverse engineering and analysis processes, approaches and concepts to enhance/improve technical exploitation efforts
• Adequately explain, present, demonstrate [when applicable] and document the operational impact of a particular 'vulnerability

Qualifications

• TS/SCI with CI Poly is required to perform services on the contract. Candidates with an active security clearance at the TS/SCI level are required to pass a counter intelligence polygraph.
• Bachelor of Science degree in Computer Science or Engineering with at least six (6) years’ experience; OR
• Master of Science in Computer Science or Engineering with at least (4) four years’ experience; OR
• PhD degree in Computer Science or Engineering with at least (2) years’ experience.
• Two (2) Years’ experience with computer forensic software packages such as EnCase, FTK, or Sleuth Kit/Autopsy
• Experience with reverse engineering and network security tools, including Ida Pro, Immunity Debugger, WinDdg, VIM, Emacs, Trace32/JTAG, GDB, make, ctags, git, mercurial, and/or Wireshark, OllyDbg, Ghidra
• Experience with either C, C++, VisualBasic, Java, .NET, Delphi, JavaScript, and Windows Kernel.
• Experience in software development and scripting
• Thorough understanding of compiler specifics, operating system concepts, security models, and the causes of most vulnerabilities and how to exploit them Preferably, experience coding and disassembling software on both Windows and Linux or other BSD and Unix variants
• Knowledge of the types and techniques of cyber exploitation and attack, including virus, worm, Trojan horse, logic bomb, and sniffer to identify, quantify, prioritize, and report vulnerabilities in enterprise architecture, networks, communications, applications, and systems
• Experience with virtualization, driver programming, diagnosing and debugging software systems, ethical hacking and/or testing vulnerabilities
• Contractor personnel are required to complete and pass a written test, prior to beginning work on the contract if they have not performed customer requirements previously.

Desired:

• OSCP or SANS certifications, including (but not limited to): CCNA Security, CySA+, GICSP, GSEC, Security+ CE, SSCP, CASP CE, CCNP Security, CISA, GCED, GCIH
• Digital forensics certifications including (but not limited to): EnCE, MCFE,CCME, CCFE,GCFA,GCFE GASF, CCE, or GREM

Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.

We are approximately 26,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity, and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.4 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.