Staff Reverse Engineer

The job overview for this position is that Shift5 is seeking an experienced Staff Reverse Engineer to join their team. The primary responsibilities of this role include performing vulnerability research and exploit/cyber-attack development on operational technologies (OT), assessing critical operational technology systems, reverse engineering software and hardware, identifying vulnerabilities, designing exploits and attacks, and fielding effects on live networks and platforms. The role also involves understanding the impacts of cyber-physical attacks, reverse engineering serial data protocols, and collaborating with a team to develop rules and heuristics for cybersecurity products.

• Perform vulnerability research and exploit/cyber-attack development on operational technologies (OT)
• Support platform vulnerability assessments, customer-directed research, internal research, and improvement of Shift5 core products
• Assess critical operational technology systems and reverse engineer their software and hardware
• Identify vulnerabilities, design exploits and attacks, and build custom capabilities
• Field effects on live networks and platforms
• Defend critical national infrastructure, weapons platforms, and logistics by thinking like an attacker
• Understand, reverse engineer, and find vulnerabilities in OT devices down to the hardware and firmware level
• Deconstruct and understand firmware binaries using tools like Ghidra, IdaPro, etc.
• Have a strong understanding of C/C++ and other common embedded device programming languages
• Examine hardware components of a device, identify chipsets, interpret datasheets, and extract firmware
• Build an understanding of how the platforms operate to understand the impacts of cyber-physical attacks
• Use documentation, raw data, and reverse engineering techniques to describe message traffic on serial data buses or wireless protocols
• Familiarity with serial data protocols such as MIL-STD-1553, CAN, ARINC 429, UART, SPI, I2C, etc.
• Embrace uncertainty, thrive in the unknown, and view incomplete information as an opportunity
• Have a passion for breaking things and believe no system is impenetrable
• Understand the responsibility that comes with building tools that could cause damage to real systems and people's lives
• Travel to customer sites on average 15-20% of the time
• Work in a hybrid model, local to Shift5 HQ in Rosslyn, VA
• Write code in C/C++ and/or Python to demonstrate findings and build general OT red teaming tools
• Conduct system decompositions, vulnerability assessments, and penetration tests of OT platforms
• Identify cyber access vectors into platform networks and build effective attacks against systems
• Write reports to record findings and convey them to the Program Manager
• Communicate technical findings and concepts to internal stakeholders and customers
• Work with Cyber Threat Engineers and Analysts to develop rules, signatures, and heuristics for cybersecurity products
• Be flexible and ready to learn, supporting Shift5 Research priorities in various industries such as aviation, rail, weapons systems, maritime.

• Experience in reverse engineering either hardware or software is required.
• Strong understanding of C/C++ and other common embedded device programming languages.
• Familiarity with embedded Real Time Operating Systems (RTOS).
• Ability to deconstruct and understand a firmware binary using tools like Ghidra, IdaPro, etc.
• Ability to examine hardware components of a device, identify chipsets, interpret datasheets, and extract firmware.
• Understanding of how platforms operate to understand the impacts of cyber-physical attacks.
• Familiarity with serial data protocols such as MIL-STD-1553, CAN, ARINC 429, UART, SPI, I2C, etc. is preferred.
• Insatiable appetite for learning and exploring ways to make the impossible possible.
• Passion for breaking things and identifying weaknesses in critical systems.
• Ability to travel to customer sites on average 15-20% of the time.
• Ability to work in a hybrid model, local to Shift5 HQ in Rosslyn, VA.
• Proficiency in writing code in C/C++ and/or Python.
• Experience in conducting system decompositions, vulnerability assessments, and penetration tests of OT platforms.
• Knowledge of remote, proximal, and local cyber access vectors into platform networks.
• Excellent verbal and written communication skills.
• Ability to work collaboratively in a team environment.
• Flexibility and willingness to learn and adapt to various tasks and priorities.

• Competitive salary and stock options in a fast-growing startup
• Employer-paid medical, dental and vision coverage for employees and their families
• Health Savings Account with annual employer contributions
• 401k with employer contributions
• Employer-paid Life Insurance
• Uncapped paid time off policy
• Flexible work & remote work policy
• Tax-deferred public transit benefits with Metro SmartBenefits (DC/MD/VA)