Mid-level Vulnerability Researcher

Battelle•Columbus, OH

1d•Hybrid

About The Position

Battelle is seeking an aspiring Mid-level Vulnerability Researcher to work in our Columbus, OH or Chantilly, VA locations. As a Mid-level Vulnerability Researcher, you will work with disassemblers and debuggers to quickly understand how embedded devices operate. You will use and build tools that push past the edge of current tools and techniques. In a given day you will research and debug an embedded device while getting the chance to bounce ideas off of a close-knit team of researchers. We have the tools and the mentors you will need to take yourself to the next level and who are eager to learn from your experience. "From Silicon to Systems" - We are an elite, multi-disciplinary team, bringing together the brightest minds from physics, computer science, electrical engineering, and mathematics to develop unique embedded security solutions for government and industrial customers. Battelle has been trusted by elite government clients to solve some of the world’s hardest security problems. We work in small agile teams to push the bounds of computing technology. Our high-powered labs include specialized software and hardware, so our engineers have everything they need to invent new Cyber solutions. We encourage new ideas with our large Internal Research and Development (IRAD) program where engineers work on projects they are passionate about. Inventors and innovators are rewarded by our industry-leading IP compensation program. Our group works collaboratively with many parts of Battelle’s larger organization on projects ranging from genomics to robotics.

Requirements

Bachelor’s degree in related field with 5 years of experience; or Master’s degree in related field with 2 years of experience; or PhD in related field; or an equivalent combination of education and/or experience in a related field
Strong understanding in reading assembly language and using debugging tools
Experience with a disassembler for vulnerability research (Ghidra, IDA Pro, BinaryNinja)
Experience with one or more assembly languages (x86, x64, ARM, MIPS, PowerPC, etc.)
Experience with one or more debuggers (WinDbg, OllyDbg, gdb)
Experience with vulnerability research on one or more operating systems: Android, iOS, Windows, Linux, MacOS, VxWorks, QNX, RTOSs, or other custom operating systems
Knowledge of advanced exploitation techniques (ret2libc,use-after-free,type confusion)
Knowledge of exploit protection techniques (DEP, ASLR/NX)
Ability to code in C and/or Python
Ability to work individually and in small fast paced team environments
Passion and drive to constantly need to improve your skill set
Must Be a US Citizen with the ability and willingness to obtain a DoD Secret or higher clearance

Nice To Haves

Understanding of network protocols
Experience with AI/ML
Experience with microcontrollers
Experience emulating embedded platforms for live debugging
Experience using fuzzing tools such as AFL or Peach
Concolic analysis research and implementation
Experience with symbolic analysis
Active DoD Secret security clearance

Responsibilities

Research and debug an embedded device
Use and build tools that push past the edge of current tools and techniques
Understand how embedded devices operate using disassemblers and debuggers

Benefits

Tuition assistance
Paid training
Software and Intellectual Property development royalty sharing
Mentorship and learning culture
Internally funded and guided research projects with large amounts of individual autonomy
Compressed work schedule (every other Friday off)
Hybrid work arrangement (60% in-office, 40% remote)
Paid time off
Medical coverage
Dental coverage
Vision coverage
Wellness incentives and benefits
Optional supplemental benefits
Coverage for partners
Gender-affirming care and health support
Family formation support
401(k) retirement savings plan (5% employer contribution regardless of employee contribution, plus matching)
Industry-leading IP compensation program