[Popular Searches]

[Popular Searches]

Interested in solving your problems with GRVTY’s solutions?

SUBMITTING...

Vulnerability & Exploitation Specialist

Annapolis Junction, MD
TS/SCI + FS Poly
Apply for this job

What Impact You’ll Have:

Our team conducts Vulnerability Research and Reverse Engineering in a rapid prototyping, R&D environment. On this highly-visible program, you can get your hands dirty with a wide variety of tools and systems and get a chance to do some of the really cool things that can be done with a CNO skill set. The project consists of small teams working closely with customers to respond to specific mission needs, create new tools and techniques, and address ongoing challenges. This work is very hands-on, and the culture supports developing talent and letting smart people grow and tackle real-world challenges in a flexible, fun environment. On this project you could work with C/C++, Python, Assembly (x86/x64), Java, mobile OS's, windows, linux, RE and debugging tools, and more. Work on this program takes place in both customer and contractors SCIFs in the Annapolis Junction, MD area (we cannot support remote work) and requires a TS/SCI + Poly clearance (acceptable to this customer).

What You’ll Be Owning:

GRVTY is seeking a Vulnerability & Exploitation Specialist with a TS/SCI + Poly clearance (applicable to this customer) to join one of our top projects in Annapolis Junction, MD. We are looking for candidates who have discovered a 0-day vulnerabilities or a list of CVEs (public vulnerability disclosures) they discovered or contributed to. We are also looking for any specific work they’ve done exploiting vulnerabilities.

What You Must Have:

  • Active TS/SCI with Polygraph Clearance
  • Skills/experience listed out in order of priority:
  • 0-day vulnerabilities or CVEs discovered and attributed to themselves
  • History performing vulnerability research
  • Experience with writing or using fuzzers – AFL, LibFuzzer, ClusterFuzz, oss-fuzz
  • Experience with code analysis tools – CodeQL, Joern, Semgrep
  • History of exploiting or productizing 0-day vulnerabilities
  • History of exploiting or productizing n-day vulnerabilities/CVEs/publicly disclosed vulnerabilities
  • History of reverse engineering malware or other code for CNE purposes
  • Experience with reverse engineering tools – Ghidra, Ida Pro, Binary Ninja Experience using debuggers – GDB or WinDbg
  • Experience writing, navigating, and building C/C++ code
  • Experience with tools like VsCode, Visual Studio, VIM/Emacs
  • Familiarity with ARM or MIPS architectures and Linux variants
  • We also use Python to write a lot of our tools, so that is good to see
[CLOSE]