Vulnerability Researcher (BZ)

Legato, LLC recruiters ([email protected]) would love to speak with you regarding the following position: Vulnerability Researcher in Dulles, VA.
Security Clearance Required: TS/SCI minimum
**Some Remote Work May Be Available**

What You Will Do:

The team covers Our team covers the full life cycle of Vulnerability Research from reverse engineering and emulation, through vulnerability discovery, to productization and effects generation. Key areas of focus include: Hardware debugging using JTAG/gdb, Knowledge on typical embedded systems including UART, boot-up sequences, and updating devices,  Reverse Engineering ARM, PPC, or Mips binaries, Discovering Vulnerabilities in firmware, device drivers, or in proprietary embedded operating systems, Repurposing vulnerabilities for specific effects, Static and dynamic Analysis, Fuzzer Development, Malware analysis, and System Emulation. There are a variety of non-traditional methods created to acquire access to computer based systems so the ideal candidate would be someone who enjoys trying new things. The most capable candidates will have a variety of low-level operating systems experience as well as cross-platform vulnerability research. If you've written everything from a kernel paged pool exploit to a simple userland stack-based buffer overflow, built your own adaptable instrumentation and integrated a solver to help you identify and reach code, or modified emulators and JIT engines to add your own instrumentation to help you identify entire classes of vulnerabilities, you'll be right at home.

Our minimum requirements for this role:

• Active TS/SCI clearance.


• Familiarity with at least one common low-level architecture (x86, ARM, etc) is important, as is the ability to conduct vulnerability research against applications compiled for that architecture.


• Experience with software protection and binary armoring is a plus, and familiarity with modern exploit mitigation techniques and counter-measures is a must.


• Experience with one of the four platforms: specific platform: Windows, Linux, iOS, embedded.


• Development experience is desired, but at least some scripting experience is required. Whether in python, ruby, or some other language, you should be capable of quickly developing the instruments needed to help you succeed in your reverse engineering and vulnerability research efforts..


• Candidates must be able to defeat advanced security techniques. Projects will be undertaken in small teams with close coordination with customers to quickly enhance capabilities or resolve issues in existing tools.


• Working as part of a team you will also need to be familiar with source management tools such as GIT and team coordinating instruments like Atlassian suite of work products

About Your New Company
Legato, LLC is a dynamic small business headquartered in Columbia, near Ft. Meade, MD. Our positions include Cyber, Software, Systems, Networking, Data Science and other complex engineering capabilities. We set ourselves apart by having employees in the top of their field and who enjoy working at Legato for its attention to its employees, aggressive compensation, and upward mobility possibilities.
We offer a generous benefits package including individual and family health, vision and dental benefits. A minimum of four (4) weeks of paid time off including a week of sick leave. Legato gives our employees 11 federal holidays off and a 401(k) employer match with no vesting schedule. There is an opportunity to earn referral benefits or bank hours if the contract allows.

Disclaimer: The salary range provided is an estimate based on current market conditions and may be adjusted based on factors such as experience, skills, and qualifications. The final salary offer will be determined after a thorough review of the candidate's background and alignment with the role. Please note that this range is subject to change and should be considered as a guideline rather than a definitive figure.

Legato LLC is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, or disability status.