Job Description
Security Clearance: Active TS/SCI w/ CI Poly eligibility
Location: NDCO in Bethesda, MD. 100% Onsite
Job Type: Full-Time
Target Salary Range*: $139,000 - $170,000.
*This represents the potential salary range for this position depending on education level, years of experience and/or certifications, in addition to other position-specific requirements which may impact salary.
Position Overview:
- Mobile Software Reverse Engineering (with support to development and malware analysis efforts).
Key Responsibilities:
- Conduct software exploitation against applications, middleware, operating systems (OS) user interface, OS drivers/runtimes, firmware and other binary data.
- Working experience in software engineering and related technologies. Experience in sizing and scoping, in design, implementation and delivery of mobile application solutions using iOS and/or Android development environments.
- Provide malicious code reverse engineering to isolate, review, analyze, and reverse-engineer potentially malicious programs recovered from compromised computer systems and networks.
- Research new trends, techniques, and packaging of malicious software to stay current and ready to identify and handle zero-day exploits.
- Research behavior of binaries and share detailed understanding of how apps behave at memory/register level in support of technical exploitation operations.
- Support efforts to design, prototype, document, test, conduct exploitation automation and transition code analysis methods and tools specific to technical exploitation operations.
Qualifications:
Education:
- Bachelor's degree and 8+ years experience, or Master's degree and 6+ years experience, or 3 years with PhD. A degree should be in one of these fields of study: Information Technology, Cybersecurity, Computer Science, Information Systems, Data Science, Mathematics, or Software Engineering. Relevant work experience should be within the past five years.
In lieu of a degree in one of these fields of study, an additional 4 years of relevant experience or specialized training may be considered.
Experience:
- Proven ability to build, maintain, and leverage collaborative relationships with stakeholders across different government agencies, serving as an effective technical liaison.
- Experience establishing and managing formal partnerships between government entities (e.g., via Memoranda of Understanding or Inter-Agency Agreements) to achieve shared mission objectives.
- Exceptional communication skills, with a demonstrated ability to present complex technical information clearly and persuasively to diverse audiences, including non-technical decision-makers.
- Skilled in facilitating inter-agency working groups and building consensus among partners who may have differing priorities or organizational cultures.
- Strategic and proactive mindset with the ability to identify and develop new opportunities for cross-agency collaboration that advance the organization's mission.
- A strong sense of mission ownership and personal accountability, focused on elevating the team's role from a participant to a key contributor within the working group.
- Experience with Windows, Linux, Android, OS X, and iOS operating system & architecture.
- Experience in computer or cell phone architecture, system internals, operating systems, and/or boot process software engineering.
- Experience with static analysis tools such as IDA Pro, Ghidra and Binary Ninja.
- Experience with debugging tools such as WinDbg.
- Experience with virtualization, sandboxing, and emulation tools like VMware, KVM, QEMU and others.
- Working knowledge of programming languages such as C, C++, .NET, Python, Java, etc.
- Debug mobile applications' memory and performance issues.
Preferred Qualifications:
- Experience requiring a deep knowledge of Android and a strong passion for the mobile industry and mobile development.
- Experience developing/designing mobile phone platforms highly desired.
- Experience in wireless APIs (Wi-Fi, Bluetooth) preferred.
- Engineer software scripts in C, C++, and Java with emphasis on prototyping and API extraction.
- DoD 8570 Compliant, active IAT Level II certification.
- Additional active certifications: CFR, RCCE Level 1, CySA+, GCFA, GCFE.
