Software Reverse Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related field (or equivalent experience) with 8+ years of relevant experience; OR Masters’s degree in Computer Science, Software Engineering, Information Security, or a related field (or equivalent experience) with 6+ years of relevant experience; OR PhD in Computer Science, Software Engineering, Information Security, or a related field (or equivalent experience) with 3+ years of relevant experience .
• Minimum of 3+ years of relevant experience in software reverse engineering, with a preference for experience in materiel exploitation, malware analysis, or vulnerability research.
• Proven experience with virtualization platforms (VMware Workstation, KVM/QEMU) for dynamic analysis, sandboxing, and system emulation.
• Hands-on experience with forensic disk image analysis using tools like Autopsy and guestfish to mount, modify, and extract artifacts from raw disk images.
• Expertise in the SWRE toolchain, including Ghidra, GDB, Wireshark, MobaXterm, NMAP , and the Linux binutils suite (e.g., readelf, strace, ltrace, ldd).
• Demonstrated ability to perform live debugging of complex applications using GDB , including setting breakpoints, inspecting memory, and analyzing program state to support reverse engineering efforts.
• Deep expertise in Linux/Unix environments, including system administration, network configuration, SSH key management (ssh-keygen, virt-customize), and advanced command-line tools.
• Strong knowledge of low-level programming (C, C++, Assembly) and experience with scripting languages like Python.
• Strong understanding of operating system internals, x86/x64 assembly, and CPU architecture.
• Experience with network analysis (Wireshark, nmap) to baseline system behavior and identify communication protocols.
• Experience handling non-standard system configurations, including foreign language character sets and legacy hardware emulation.
• A solid understanding of common security practices and the ability to identify security flaws in software architecture.
• TS/SCI with ability to obtain a poly
• This position is located on-site in Huntsville, AL

Responsibilities

• System Analysis: Conduct comprehensive analysis of compiled software and binaries. Employ forensic techniques to extract critical artifacts, understand system architecture, and identify key software components.
• Dynamic System & Environment Analysis: Utilize virtualization and sandboxing environments (VMware, KVM/QEMU) to run and observe software in its native operating environment. Perform system call tracing, network monitoring, and file system analysis to reveal real-time behaviors and interactions.
• Live Debugging and Analysis: Perform live, on-system debugging using tools like the GNU Debugger (GDB) to step through code execution in real-time. Correlate dynamic findings directly with static analysis from Ghidra to validate assumptions, understand complex logic, and uncover obfuscated functionality.
• Static Reverse Engineering: Use advanced reverse engineering tools, with a focus on Ghidra, to decompile and disassemble software. Analyze code paths, extract indicators, and uncover hidden or malicious logic that is not apparent through dynamic analysis alone.
• CONOPS and Document Exploitation (DOCEX): Collaborate with analysts to integrate findings from system and operational documents. Use this context to understand the system's Concept of Operations (CONOPS), providing significance and priority to exploitation efforts.
• Vulnerability and Capability Research: Investigate and identify vulnerabilities, undocumented features, and novel capabilities within the target system. Develop proof-of-concept exploits and assess their potential impact on operational dependencies.
• Model and Simulate specific features and functions to understand how the software was developed, compiled, and deployed.
• Tool Chain Mastery: Employ a specialized toolchain for analysis, including disk imagers, virtual machine managers, network scanners, and debuggers to perform end-to-end exploitation.
• Mentorship: Mentor junior engineers in specific SWRE methodologies, tools, and techniques.