Senior Vulnerability Researcher

Battelle•Columbus, OH

20h•Hybrid

About The Position

Battelle delivers when others can’t. We conduct research and development, manage national laboratories, design and manufacture products and deliver critical services for our clients—whether they are a multi-national corporation, a small start-up or a government agency. We recognize and appreciate the value and contributions of individuals from a wide range of backgrounds and experiences and welcome all qualified individuals to apply. Job Summary Battelle is currently seeking an aspiring Senior Vulnerability Researcher to work in our Columbus, OH location. Do you have a passion for understanding how things work, and ultimately, how they break? Do you enjoy working with discovering vulnerabilities and debugging programs with tools like gdb or QIRA? Does creating automated, scalable and reverse engineering tools and pipelines excite you? If you answered yes to these questions, this is the job for you! As a Senior Vulnerability Researcher , you will work with disassemblers and debuggers to quickly understand how embedded devices operate. You will use and build tools that push past the edge of current tools and techniques. In a given day you will research and debug an embedded device while getting the chance to bounce ideas off of a close-knit team of researchers. We have the tools and the mentors you will need to take yourself to the next level and who are eager to learn from your experience. “From Silicon to Systems” - We are an elite, multi-disciplinary team, bringing together the brightest minds from physics, computer science, electrical engineering, and mathematics to develop unique embedded security solutions for government and industrial customers. Battelle has been trusted by elite government clients to solve some of the world’s hardest security problems. We work in small agile teams to push the bounds of computing technology. Our high-powered labs include specialized software and hardware, so our engineers have everything they need to invent new Cyber solutions. We encourage new ideas with our large Internal Research and Development (IRAD) program where engineers work on projects they are passionate about. Inventors and innovators are rewarded by our industry-leading IP compensation program. Our group works collaboratively with many parts of Battelle’s larger organization on projects ranging from genomics to robotics.

Requirements

Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, or related field of study with 8 years of experience; Master’s degree in related field with 5 years of experience; PhD in a related field with 2 years of experience; or an equivalent combination of education and experience
Develop software to run in user-mode or kernel-mode
Strong understanding in reading assembly language and using debugging tools
Experience with a disassembler for vulnerability research (Ghidra, IDA Pro, BinaryNinja)
Experience with one or more assembly languages (x86, x64, ARM, MIPS, PowerPC, etc.)
Experience with one or more debuggers (WinDbg, OllyDbg, gdb)
Experience with vulnerability research on one or more operating systems: Android, iOS, Windows, Linux, MacOS, VxWorks, QNX, RTOSs, or other custom operating systems
Knowledge of advanced exploitation techniques (ret2libc,use-after-free,type confusion)
Knowledge of exploit protection techniques (DEP, ASLR/NX)
Ability to code in C
Understanding of network protocols
Ability to work individually and in small fast paced team environments
Passion and drive to constantly need to improve your skill set
Must Be a US Citizen with the ability and willingness to obtain a Secret or higher clearance

Nice To Haves

Experience using fuzzing tools such as AFL or Peach
Concolic analysis research and implementation
Experience emulating embedded platforms for live debugging
Experience with microcontrollers
Experience with symbolic analysis
Active Secret security clearance

Benefits

Learn (tuition assistance, paid training) and teach (get published, speak at a conference)
Software and Intellectual Property development royalty sharing
Mentorship and learning culture
Internally funded and guided research projects with large amounts of individual autonomy
Balance life through a compressed work schedule : Most of our team follows a flexible, compressed work schedule that allows for every other Friday off—giving you a dedicated day to accomplish things in your personal life without using vacation time.
Enjoy enhanced work flexibility, including a hybrid arrangement: You have options for where and when you work. Our Together with Flexibility model allows you to work 60% in-office and 40% remote, with Monday and Tuesday as common in-office days, dependent on team and position needs .
Take time to recharge : You get paid time off to support work-life balance and keep motivated.
Prioritize wellness : Stay healthy with medical, dental, and vision coverage with wellness incentives and benefits plus a variety of optional supplemental benefits.
Better together : Coverage for partners, gender-affirming care and health support, and family formation support.
Build your financial future : Build financial stability with an industry-leading 401(k) retirement savings plan. For most employees, we put in 5 percent whether you contribute or not, and match your contributions on top of that.
Advance your education : Tuition assistance is available to pursue higher education.