What are the responsibilities and job description for the Vulnerability Researcher position at Research Innovations Incorporated?
Company Description
Research Innovations Inc. (RII) is a leading provider of cutting-edge cyber solutions. RII fosters a mission-driven culture that values talent, dedication, and excellence in serving its customers.
Role Description
We are seeking a dedicated Vulnerability Researcher to join our Cyber team. As a Vulnerability Researcher at RII, you will play a pivotal role in solving unique and challenging problems for our esteemed Defense and Homeland Security customers. This position requires a proactive mindset, deep technical expertise in vulnerability research, reverse engineering, and exploit mitigations/bypasses, and a drive to live one of our core values: Get s#!t done.
- Conducting in-depth reverse engineering and vulnerability analysis across various architectures and platforms, including x86/64, ARM, PowerPC, and more
- Researching and analyzing operating system and application internals, identifying and understanding security strengths and weaknesses of those systems
- Developing and enhancing functionality by adding features and capabilities to undocumented interfaces
- Modeling and analyzing in-memory compiled application behavior to identify potential vulnerabilities and improve security measures
- Developing and understanding mobile/embedded systems and kernel modules, particularly related to vulnerability research
- Participating actively in our extensive Vulnerability Research mentorship program, sharing knowledge and collaborating with colleagues
- Proficient understanding of wireless networking and associated security protocols, such as Wi-Fi (802.11), Bluetooth, or cellular networks (2G/3G/4G/5G). Familiarity with common vulnerabilities and attack vectors in wireless communication
- Strong grasp of legacy exploit mitigations and bypass techniques, including but not limited to Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP/NX), Stack Cookies (Canaries), and Control Flow Integrity (CFI). Experience in identifying and circumventing these security measures
- In-depth knowledge of both security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.). Understanding the security implications and potential vulnerabilities associated with these concepts
- Programming experience with both scripting languages (preferably Python3) and compiled languages (preferably C). Ability to write efficient and secure code for vulnerability research and exploit development purposes
- Familiarity with low-level architectures such as x86, ARM, or MIPS. Understanding the underlying principles, instruction sets, and memory models of these architectures for vulnerability identification and analysis
- Experience with operating system internals and implementations, including Windows, Linux, or macOS. Knowledge of system structures, process management, memory management, and security mechanisms at the kernel level
- Excellent oral, written, and interpersonal communication skills, with the ability to effectively convey complex technical concepts and interact with customers and team members alike