Job Description
Description
The Vulnerability Research Exploit Developer is responsible for simulating real-life cyber attacks with the goal of helping an organization improve its security posture. This is a highly technical hands-on role that will utilize development/programming, live testing, system administration, reverse engineering, vulnerability assessments, system/network hardening, penetration testing and ultimately creativity skills. It is an opportunity for a team player to enhance a world-class team and learn/teach new skills.
Requirements
- Experience conducting advance host/network/application penetration testing as a member of a technical team on live/operational systems
- Perform reverse engineering and static/dynamic test of desktop/web applications to find security flaws like zero-day vulnerabilities
- Review custom applications source code for security flaws and vulnerabilities
- Perform full-scope penetration test activities like zero-day discovery, exploit development and exploitation of vulnerabilities on operational network infrastructure devices, services, various operating systems and desktop/web applications
- Test the exploitation of security policies and access controls in restricted/secure environments (e.g. GPO bypass, privilege escalation and A/V evasion)
- Capable of doing the necessary research and development to produce TTPs and products (e.g. exploits, applications, etc.) to achieve systems exploitation
- Be able to review, modify and develop software programs or scripts in Assembly, C++, C#, VBS, Python, Perl, Ruby, PowerShell, Bash, JavaScript, Java, PHP and other languages for systems/applications exploitation, data analysis, systems configuration and task automation
- Work extensively from the Windows and UNIX/Linux command line (e.g. Bash and PowerShell)
- Able to test, identify and exploit vulnerabilities in web applications without the use of scanning tools
- Informed in current information security threats, trends and vulnerabilities
- Research and formulate recommendations for vulnerabilities
- Employ extensive use of Microsoft Office main tools: Word, Excel, PowerPoint and Visio to prepare plans, reports, diagrams, tables, briefings, etc.
- Be able to present, demonstrate, explain and document operational impact of a particular vulnerability or the combination of many vulnerabilities and flaws
- Develop proof-of-concept examples and scenarios for reports and live demonstrations
- Create/document tactic, techniques and procedures (TTP) to train and expand/share knowledge with customers and other team members
Qualifications
TYPICAL EDUCATION AND EXPERIENCE:
Bachelors degree and nine (9) years or more experience; Masters and seven (7) years or more experience ; PhD and four (4) years or more experience.
Overview
SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit saic.com or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.
