Senior Android Vulnerability Researcher (111180BR)

  • Raytheon
  • Arlington, Virginia, United States
  • 06/13/2018

Job Description

Seeking Senior Android Vulnerability Researchers for Raytheon Cyber Security Innovations (CSI) offices in Arlington, VA; Dulles, VA; and State College, PA.We take our work and our fun seriously. We refuse any work that isn’t hard and engaging, we make sure our engineers have the tools they need to do their jobs, and we focus on recognizing results. Our research and development projects cover the spectrum of security technologies for computer network operations.If it runs code somebody in our office has looked at it.

Our Senior Android Vulnerability Researchers analyze mobile devices to understand how they work and how they behave when they break. Candidates must be able to play both sides of the fence, both developing and defeating new and advanced security techniques. Projects will be undertaken in small teams with close coordination with customers. All of our engineers write code, but many of our engineers spend as much time taking systems apart as building new ones. A typical day may involve studying disassembly or writing python to audit a piece of Java or C++ code.

Required Skills:

  • Extensive experience with Java, C or C++
  • Thorough understanding of Android Internals
  • Experience reading, writing, and debugging ARM assembly
  • Deep experience with Android native code (Binder, JNI) and Linux kernel internals
  • Knowledge of common vulnerability classes (Overflows, Use after free, Race conditions)
  • Experience using debuggers such as WinDBG, DDMS, gdb
  • 5 or more of the "desired skills" below

Desired Skills:

  • Chrome internals
  • Familiarity with Webkit, V8, and Chrome IPC internals
  • Understanding of Bionic
  • Experience developing embedded systems
  • Experience using reverse engineering tools such as IDA Pro, HexRays, Binary Ninja, or objdump
  • Knowledge of Android kernel subsystems (binder, ashmem, drivers)
  • Knowledge of Android userspace subsystems (framework, zygote, services)
  • Knowledge of Android security subsystems (dm-verity, selinux, application signing)
  • Knowledge of Android vendor security implementations
  • Knowledge of Android TrustZone subsystems (TEE)
  • Knowledge of ARMv8a 64-bit
  • Understanding of network protocols (TCP/IP stacks, RF communications, routing protocols, or others).
  • Understanding of exploit mitigations such as DEP and ASLR

Security Clearance:

Qualified applicants may be subject to a security investigation and must meet minimum qualifications for access to classified information. U.S. Citizenship is required. Qualified applicants must meet the requirements to obtain and maintain a TS/SCI government security clearance.


Our Interviews:

Our interviews are technical. Come prepared to tell us about your technical background and interests as well as to work through some of our questions on a computer or whiteboard. We hope candidates find our questions to be thought provoking, but we don’t ask brain teasers or tricks. This is a chance to have a dialog with our team, and we hope you will enjoy it!

We have similar positions available in MD, FL, TX, SC, and AL.

111180

Raytheon is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

Raytheon Intelligence, Information and Services delivers innovative technology to make the world a safer place. Our expertise in cyber, analytics and automation allow us to reach beyond what others think is possible to underpin national security and give our global customers unique solutions to solve the most pressing modern challenges -- from the cyber domain to automated operations, and from intelligent transportation solutions to creating clear insight from large volumes of data. IIS operates at nearly 550 sites in 80 countries, and is headquartered in Dulles, Virginia. The business area generated approximately $6 billion in 2016 revenues. As a global business, our leaders must have the ability to understand, embrace and operate in a multicultural world -- in the marketplace and the workplace. We strive to hire people who reflect our communities and embrace diversity and inclusion to advance our culture, develop our employees, and grow our business.


Security Clearance: TSSCI Relocation Eligible: Yes Algorithms, Computer Science, Cyber, Software Engineering, Engineering, All, Warfighter Support Services
JBRaytheon ICJBMeta