UAS Lead Cybersecurity Engineer

The Company

Legion X is a cyber vulnerability research services company headquartered in Reston, VA that leverages the attacker mindset and expert engineering to solve national security challenges and help private clients improve their cyber security and minimize risk.  Our vision is to be the premier cyber vulnerability research and red team outfit in the nation.  We offer a wide variety of cyber Vulnerability Research, CNO Capability Development, Cyber Survivability Assessment, and Custom Engineering services enhanced by deep expertise in embedded and operational technologies.  

We are a small, tight-knit company built and run by engineers who pursue the most interesting and impactful cyber vulnerability research we can find.  We take on tasks like vulnerability assessments, exploit development, cyber vulnerability research, penetration tests, firmware reverse engineering, hardware reverse engineering, customized test rigs, capability development, and CNO support for both government and commercial customers. We are also involved in raising security standards of the entire drone industry through our role as government Recognized Assessors for the Blue UAS program.

We are a small, relatively new company embracing what we believe to be the best and most efficient ways of working in the modern era.  That means freedom and flexibility but also responsibility.  If you are self-motivated, battle tested, and driven to understand systems so you can exploit them, then we encourage you to apply.  We are looking for experts and excellent human beings we want to work with for a long time, and are willing to explore equity options for applicants so that the best come, stay, and win together.

The Role

You are applying for the role of Unmanned Aircraft Systems (UAS) Lead Cybersecurity Engineer.  The role is intended to be hands-on engineering and management of a small, technical team plus a meaningful role in business development for UAS assessment and consulting.  Given the early stage of the company, you may be asked to perform a wide variety of tasks outside of your work role.   The position is a hybrid work model, where you may work off-site by default but you must be willing to commute to Fairfax, VA on a regular basis for on-site tasks.  You must be eligible for a TOP SECRET government clearance and a US citizen.

A UAS Lead Cybersecurity Engineer is an experienced small projects lead who can regularly contribute highly technical engineering work to the projects they lead and is prepared to operate their team as an independent unit, with only limited guidance required for efficient project execution.  You will also be expected to take part in the development of new business for UAS assessment and consulting, interacting with customers regularly and providing an informed public interface for customers to engage Legion X about UAS services.  You will report directly to the President of the company and be assigned a small team of engineers to manage.

You will be expected to contribute to a wide range of UAS-related cybersecurity tasks, including but not limited to:

• Component chip identification and datasheet analysis
• Interactive programming and debugging through physical interfaces (e.g. JTAG)
• Firmware/software reverse engineering in common processor and microcontroller architectures for UAS (e.g. ARM [Cortex-M RISC], x86/64, etc.)
• Manual vulnerability analysis and penetration testing
• Cyber Threat Emulation
• Automated vulnerability scanning and fuzzing
• Digital test harness development and testing automation
• Firmware emulation
• Source code security review in common embedded languages (e.g. C/C and Python) 
• Operating System evaluation (e.g. Windows, Linux, RTOS, etc.)
• Identification of undocumented data storage and logging
• Evaluation of encryption mechanisms
• RF protocol surveys and code flow identification (e.g. WiFi)
• Traffic captures in common professional tools like Wireshark
• Evaluation of certificate-based signing and encryption mechanisms
• Forensic data recovery
• Report writing

Your ability to write detailed technical reports is critical as it will be a priority duty of the UAS Cybersecurity Lead as a project team lead.  Additional project management skills enabling the quick and efficient execution of UAS assessment and consulting projects factor into the role.

In practical terms, if we handed you a small drone could you find every cyber vulnerability of the system and write a detailed report about them?

Application Requirements

Before you apply, make sure you meet these requirements or you will be rejected:

• US Citizen with TOP SECRET clearance eligibility
• Experience and skillset aligned with the role (cyber vulnerability research skills; protocol analysis skills; communication skills; report writing skills; self-motivation and drive; clear interest in the work)
• We do not have Certification or Degree requirements for this position -- your skill alone sets you apart
• Willingness to do at least one oral technical interview (1 hour long) and one cultural fit interview (1 hour long) over a virtual conferencing solution (like Zoom) in the period of 9am - 6pm Eastern.  We can possibly accommodate other times if you ask.

There are also preferred skills that will strengthen your application:

• Previous UAS or autonomous systems experience
• RF spectrum and protocol analysis, such as working with commercial SDRs to perform complete spectrum analysis, waveform capture, and data demodulation across a variety of protocols (including tools like GNURadio)
• CNO experience
• Hands-on hardware experience
• Firmware programming experience

Understand that the best applicants will be both strong technical and strong cultural fits.

Compensation

We are a small company, yet we strive to compensate every employee as best we can.  We manage to offer low-to-no deductible healthcare, competitive salaries, equity options, profit-sharing options, retirement benefits, fitness/gym benefits, a hardware/home office stipend, security clearances, holidays, PTO, and a firm belief in work-life balance.  We also accept good ideas and are open to hearing exactly what compensates you best.

Non-Discrimination

We will not discriminate based on race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, disability, age or genetic information (including family medical history) per federal law and our beliefs as a company.  We base our hiring decisions on if you are the best fit for the job and customer requirements.  But don't expect everyone to agree with your values when you arrive -- we expect that the best employees will come from a variety of different backgrounds and identities, but share one goal.  We don't believe it is our company's job to tell you who you are or what you should value, but we do hope Legion X can be a place where you are open to share exactly who you are and what you believe, yet still find a team of other excellent people ready to work alongside you and get to know you better.