L3Harris TechnologiesRemote
Lead, Security Research Engineer
United States of America
Full Time
2 weeks ago
$112,000 - $208,000 USD
No H1B
Key skills
PythonC++CSwiftiOSAndroidMentoring
About this role
L3Harris Technologies is dedicated to recruiting high-performing talent and is seeking a Lead Security Research Engineer for their security group, Trenchant. The role involves finding vulnerabilities in software, constructing exploits, and conducting research and development on security technologies while mentoring junior staff.
Responsibilities:
- Finding vulnerabilities in ubiquitous Internet-deployed software and/or popular devices’ software or firmware
- Constructing exploits for vulnerabilities discovered by the company
- Research & development on security technologies in such fields as exploitation, bug-finding, reverse engineering and static analysis
- Working with and for officers, employees or contractors of the company
- Training, management and provision of guidance to junior staff
- Regular interaction with managers, clients, vendors, and customers to field queries and questions
- Take an active role in cross-team projects when needed
- Ability to obtain and maintain security clearance
Requirements:
- Bachelor's Degree and minimum 9 years of prior relevant experience
- Graduate Degree and a minimum of 7 years of prior related experience
- In lieu of a degree, minimum of 13 years of prior related experience
- Ability to obtain and maintain security clearance
- 5+ years of Vulnerability Research, reverse engineering, and bug-hunting
- Experience with static and dynamic binary analysis
- Experience with iOS, Android, Windows, Linux, or embedded systems kernel, user land, and internals or browser internals
- Experience with common tools in security research (e.g. IdaPro, Ghidra, Radare, Binary Ninja, AFL, SysInternals, GDB, WinDBG, etc)
- Experience with common programming languages (e.g. C/C++, Python, Swift, etc)
- Experience with common architectures (e.g. x86/64, ARM, AARCH64, MIPS, PowerPC, TILEGX, etc)
- Experience with modern security system features, exploit mitigations, and evasion techniques (e.g. defeating ASLR, DEP, Control Flow Guard, ROP, Security Product/AV Evasion, etc)
- Experience with a wide-range of modern exploitation concepts and techniques
- Service in the US Intelligence Community or US Military working in cyber operations
- Experience with Computer Network Operations / Computer Network Exploitation
- Experience with symbolic execution and emulation software (e.g. QEMU, Corellium, VHDL, etc)
- Cryptographic experience (e.g. side-channel attacks, implementing AES, etc)
- Experience teaching and mentoring junior vulnerability researchers
- Bespoke fuzzer development experience