Mobile App Vulnerability Researcher
- Springfield, VA
Mobile Application Software Reverse Engineer
- Research mobile operating systems and applications to identify vulnerabilities
- Analyze code and propose solutions to meet requirements
- Develop, test, and pilot solutions for demonstration to determine additional requirements
- From pilot, tailor applications into tools for specific mission requirements
- Test, document, and train potential users in the use of the tools.
- Work within an agile development environment. Sprint team will select research targets, assign tasks, and evaluate progress weekly.
- Concept is fail fast and fail often leads to successes.
- Progress is measured by identifying strong points and weak points and not wasting resources chasing improbable solutions .
Knowledge of and experience with binary reverse engineering and software vulnerability discovery
- Experience developing, debugging and /or reverse engineering code for popular mobile programming languages (i.e. Java, Objective-C, Swift, etc)
- Experience using common software reverse engineering tools to determine how an application works and processes data. This includes x86, ARM, ARM64.
- Experience with mobile application reverse engineering tools
- File format reverse engineering - Experience determining how files are structured, understanding the standard methods for encoding data from Base 64 to ASN1.
- Comfortable viewing, analyzing and understanding raw binary data
- Experience with relational database management systems (i.e. SQL and SQLite)
- Coding/Scripting - the ability to quickly write programs to accomplish point solutions in a variety of languages, such as C, C++, Python, PHP, Objective-C and Java
- Ability to analyze and decode data packets over a networked connection, and experience with network analysis tools (e.g. Wireshark).
- Protocols - knowledge of how IP/Serial based protocols work and how to reverse their format including checksums, MACs, encoding formats, HTTP, XML etc.
- Cryptoanalysis - possess an understanding of how symmetrical and asymmetrical encryption functions, certificate chain of trust, crypto weaknesses, etc.
- Previous experience working in an agile development environment with short duration tasking.
Desirable personal traits of willingness to:
- Work alongside others
- Teach co-workers and clients/customers;
- Learn new technical trades and become a resident expert with a team.
BAE Systems Intelligence & Security, based in McLean, Virginia, designs and delivers advanced defense, intelligence, and security solutions that support the important missions of our customers. Our pride and dedication shows in everything we do-from intelligence analysis, cyber operations and IT expertise to systems development, systems integration, and operations and maintenance services. Knowing that our work enables the U.S. military and government to recognize, manage and defeat threats inspires us to push ourselves and our technologies to new levels. That's BAE Systems. That's Inspired Work. Equal Opportunity Employer/Females/Minorities/Veterans/Disabled/Sexual Orientation/Gender Identity/Gender Expression. To see Inspired Work in action, visit www.baesystems.com and follow us on Facebook: www.facebook.com/baesystemsintel.
Back to top