Windows CNO Developer (BZ)

Legato, LLC
Onsite

About The Position

Legato, LLC recruiters ([email protected]) would love to speak with you regarding the following position: Windows CNO Developer in Dulles, VA. Security Clearance Required: TS/SCI minimum. This role involves researching, identifying, and characterizing Windows kernel vulnerabilities, including privilege escalation, sandbox escapes, and persistence mechanisms. You will design, develop, and maintain CNO/CNE tools and capabilities targeting Windows platforms (kernel and user mode), from proof-of-concept to operational-grade capability. The position requires performing advanced reverse engineering of Windows binaries, drivers, and system components to understand behavior, exploitability, and mitigation paths using tools like IDA Pro, Ghidra, and WinDbg. You will develop kernel-mode and user-mode code in C/C++ and Assembly to implement implants, loaders, and exploit chains, with a focus on reliability and stealth. Creating and testing exploitation techniques for complex Windows targets, including bypasses for modern protections (ASLR, DEP, CFG, kernel mitigations), in partnership with cyber research teams is also a key responsibility. Integrating CNO capabilities into mission frameworks and tasking/dataflow pipelines, including configuration, logging, and secure communications, is expected. Conducting debugging and troubleshooting of low-level software in lab and operational-like environments, including crash triage and performance analysis, is part of the role. You will collaborate closely with analysts, operators, and other engineers to align capabilities with mission requirements and provide technical guidance on feasibility and trade-offs. Producing clear technical documentation (designs, CONOPs, usage guides) and contributing to secure coding standards and internal best practices are also required.

Requirements

  • Active TS/SCI clearance.
  • 7-10+ years of professional software development focused on low-level or systems programming, with significant experience on Windows.
  • Demonstrated, hands-on Windows kernel vulnerability research experience: analyzing kernel internals, developing PoCs, and understanding exploitability and mitigations.
  • Strong proficiency in C and C++, plus experience with Python for tooling/automation and x86/x64 Assembly for exploit and implant development.
  • Deep understanding of Windows internals (kernel architecture, memory management, process/thread model, I/O, driver model, security mechanisms, and Windows APIs).
  • Experience with reverse engineering tools such as IDA Pro, Ghidra, WinDbg, x64dbg, or similar, and comfort reading disassembly and decompiled code.
  • Solid knowledge of networking protocols (TCP/IP, HTTP(S), DNS) and socket programming relevant to CNE tool communications and C2 channels.
  • Experience with secure software development lifecycle: design, develop, test, debug, document, and maintain complex codebases, preferably in Agile teams.
  • Familiarity with version control (Git) and modern dev toolchains (Visual Studio, CMake, CI workflows).

Nice To Haves

  • Prior work developing CNO/CNE capabilities.
  • Experience evading host and network defenses (EDR/AV, IDS/IPS) and building resiliency/OPSEC into tooling.
  • Experience with other platforms (Linux, mobile, or embedded) and cross-platform CNO development.

Responsibilities

  • Research, identify, and characterize Windows kernel vulnerabilities, including privilege escalation, sandbox escapes, and persistence mechanisms.
  • Design, develop, and maintain CNO/CNE tools and capabilities targeting Windows platforms (kernel and user mode), from proof-of-concept to operational-grade capability.
  • Perform advanced reverse engineering of Windows binaries, drivers, and system components to understand behavior, exploitability, and mitigation paths using tools like IDA Pro, Ghidra, and WinDbg.
  • Develop kernel-mode and user-mode code in C/C++ and Assembly to implement implants, loaders, and exploit chains, with a focus on reliability and stealth.
  • Create and test exploitation techniques for complex Windows targets, including bypasses for modern protections (ASLR, DEP, CFG, kernel mitigations), in partnership with cyber research teams.
  • Integrate CNO capabilities into mission frameworks and tasking/dataflow pipelines, including configuration, logging, and secure communications.
  • Conduct debugging and troubleshooting of low-level software in lab and operational-like environments, including crash triage and performance analysis.
  • Collaborate closely with analysts, operators, and other engineers to align capabilities with mission requirements and provide technical guidance on feasibility and trade-offs.
  • Produce clear technical documentation (designs, CONOPs, usage guides) and contribute to secure coding standards and internal best practices.

Benefits

  • Individual and family health, vision and dental benefits
  • A minimum of four (4) weeks of paid time off including a week of sick leave
  • 11 federal holidays off
  • A 401(k) employer match with no vesting schedule
  • Referral benefits
  • Bank hours if the contract allows

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

No Education Listed

Number of Employees

1-10 employees
