Parsons Corporation Vulnerability Researcher in Quantico, Virginia
Centreville, Virginia, United States
Job ID TBD
Do you like new challenges every day? Do you thrive in dynamic real-time situations? We’re looking for smart creative problem solvers to work with our customers in an operational environment creating software tools that meet critical national security needs and make the world a safer place. We need reverse engineers who can analyze a variety of binary software products, environments and programming languages/frameworks/platforms (Windows, MAC OS, iOS, Android) You will be an integral member of a highly-skilled and dynamic team that developing state of the art full spectrum cyber capabilities. Responsibilities include analyzing and deconstructing software applications and protocols, identifying potential attack vectors of all types on all platforms, triage, categorization, and analysis of discovered vulnerabilities and development of proof of concept (PoC) code. At Parsons, we specialize in solving complex problems on a daily basis. We have a roster including some of the best and the brightest in the industry, and we provide a great place to grow your career.
• 5 years overall engineering experience with 2 yrs of Vulnerability research and/or Reverse engineering.
•U.S. citizenship is required.
•Active Top Secret Security Clearance with SCI eligibility
• Software reverse engineering – Experience using IDA Pro to determine how an application works and processes data. This could include x86, ARM, ARM64 etc.
• Experience identifying zero days including memory corruption bugs for example stack overflows, heap overflows, integer overflows, logical flaws.
• Experience with mitigation techniques (ASLR, Stack cookies, non-executable memory).
• File format reverse engineering – Experience determining how files are structured, understanding the standard methods for encoding data from Base64 to ASN1.
• Encryption - A good understand of how symmetrical and asymmetrical encryption works, certificate chain of trust, crypto weaknesses etc.
• Protocol Analysis - Knowledge of how IP/Serial based protocols work and how to reverse their format including checksums, MACs, encoding formats, HTTP, XML etc.
• Fuzzing - Experience of writing and running fuzzers, understanding of the differences between dumb and more intelligent fuzzers, and how reverse engineering feeds the process.
• Coding - The ability to quickly write programs to accomplish point solutions in languages like Python, C, C++, C#, PHP.
• Code Review - The ability to review source code to identify bugs and vulnerabilities.
• Operating Systems Architecture - Knowledge of how operating systems work from “user land” code right through to the kernel.
Applicants selected for employment will be subject to a Federal background investigation and must meet additional eligibility requirements for access to classified information or materials.
Parsons is a digitally enabled solutions provider focused on the defense, security, and infrastructure markets. With nearly 75 years of experience, Parsons is uniquely qualified to deliver cyber/converged security, technology-based intellectual property, and other innovative services to federal, regional, and local government agencies, as well as to private industrial customers worldwide.
Parsons is an equal opportunity, drug-free employer committed to diversity in the workplace. Minority/Female/Disabled/Protected Veteran/LGBT.
For more about Parsons, visit parsons.com and follow us on Facebook , Twitter , LinkedIn , and .
Parsons is an equal opportunity, drug-free employer committed to diversity in the workplace. Minority/Female/Disabled/Protected Veteran/LGBT
Parsons is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regards to an individual's race, color, religion, national origin, ethnicity, union affiliation, age, sex, sexual orientation, gender identity and expression, pregnancy, employable physical or mental disability, veteran status, genetic information, immigration status, or any other basis protected by applicable laws.