Vulnerability Assessor

Position Title: Senior Cyber Vulnerability Analyst/Assessor – Space Systems and Mission Platforms

Marathon TS is seeking an experienced professional to perform full-spectrum cybersecurity assessments across complex aerospace and defense programs. This position focuses on identifying and validating weaknesses within mission-critical space platforms and their supporting infrastructures. The ideal candidate will combine deep technical expertise, creativity, and leadership to uncover high-impact vulnerabilities and help system owners mitigate risk effectively.

The individual we are looking for will be taking a deep dive in reverse engineering products provided by vendors and exploiting these products to expose the vulnerability. Heavy testing and a small amount of reporting.

Qualifications:

• Security Clearance: Top-Secret clearance.
• Education:
• Bachelor's degree in Computer Science, Cybersecurity, Computer or Electrical Engineering, or a related technical discipline..
• Experience:
• Minimum of seven years conducting offensive security engagements, vulnerability analysis, or reverse engineering.
• Prior exposure to DoD, intelligence, or aerospace programs strongly preferred.

Technical Expertise:

• Demonstrated skill in reverse-engineering and binary analysis, using tools such as Ghidra, IDA Pro, Binary Ninja, Radare2, WinDbg, or GDB.
• Proficiency in exploit development and offensive frameworks, including Metasploit, Burp Suite, and custom scripted tools (Python, Go, or Rust).
• Experience with firmware and embedded systems testing, including communication interfaces, real-time operating systems, and device-level hardware evaluation.
• Strong programming and scripting proficiency in Python, C/C , assembly, and Bash or PowerShell. Ability to modify code or craft purpose-built proof-of-concept utilities.
• In-depth understanding of network, web, and cloud exploitation techniques and methodologies.
• Excellent written and verbal communication—capable of conveying complex findings clearly to both technical and executive audiences.

Preferred Background & Certifications:

• Recognized industry credentials such as OSCP, OSCE, GPEN, GXPN, CREST CRT, or CISSP.
• Previous involvement in red team operations or adversarial simulation within defense or intelligence contexts.
• Familiarity with RMF processes, DISA STIGs, NIST 800-series frameworks, and integration of test data into authorization and accreditation documentation (e.g., eMASS or similar systems).
• Experience performing secure design reviews, code audits, or supply chain risk analyses.
• Participation in audit or accreditation efforts as an assessor or evaluator.