
Principal Vulnerability Researcher

RTX

Location: VA128: 4075 Wilson Blvd, Arlington 4075 Wilson Boulevard Suite 500, Arlington, VA, 22217 USA
Type: Full-Time, Non-Remote
Posted on: February 27, 2024
This job is no longer available from the source.
Date Posted: 2024-02-27
Country: United States of America
Location: VA128: 4075 Wilson Blvd, Arlington 4075 Wilson Boulevard Suite 500, Arlington, VA, 22217 USA
Position Role Type: Onsite

Android Vulnerability Research (Onsite)

Raytheon CODEX seeks smart, motivated, and self-driven Vulnerability Researchers to join our team and translate knowledge of system internals, fuzz testing tools, and vulnerability patterns into capabilities for our customers. Researchers will work as members of highly visible teams performing discovery, reverse engineering, and development against complex software applications. Android experience is highly desirable, but may be waived for experience with analogous systems (e.g. Linux derivatives or embedded OSs).

All candidates must be US citizens and be able to obtain and maintain a top secret government security clearance.

Our Culture

We foster an environment to develop and deliver capabilities that push beyond the state of the art. We directly invest in our engineers’ ideas and novel technologies, providing engineers paid hours to innovate for our customers. We host industry training for our staff in browser exploitation, OS internals, and reverse engineering. We encourage engineers to take risks, and approach problems in new ways. Our delivered software products feature novel exploitation techniques and new innovations developed by engineers with the freedom to occasionally fail. Our cafes are stocked with free snacks and beverages and lunch is catered weekly.
We strive to create a relaxed culture dedicated to technical excellence and mission impact, where engineers are empowered and recognized for their success.

Benefits

In addition to competitive salaries, CODEX offers excellent benefits for you and your family: competitive medical, dental and vision plans, child, elderly and dependent-care programs, mental health resources, tuition assistance, employee discount programs, 401k matching, flexible work schedules, a peer recognition and reward system, and performance-based bonuses. CODEX provides funding for engineers to attend and participate in technical conferences including major security conferences like DefCon, ReCon, and ShmooCon.

Position Description

Researchers will join successful engineering teams that break down target systems, applications, and software into subcomponents and trace dataflow from user & system inputs to potentially vulnerable functions on Android devices. Researchers are expected to apply static and dynamic analysis techniques for vulnerability identification including the use of public fuzz testing tools (e.g. AFL++), decompilers (e.g. Hex Rays), and disassemblers (e.g. IDA Pro & Ghidra). Applicants are expected to perform novel research against proprietary network protocols, software architectures, multimedia formats, and evaluate both closed and open-source binaries.

Technical Requirements

- Experience applying fuzz testing tools (e.g. AFL, AFL++, LibFuzzer), or performing static analysis to identify exploitable software vulnerabilities.
- Experience reading assembly language, ARM/ARM64 preferred
- Android or Linux system programming experience (e.g. POSIX APIs)
- Experience with C/C++ compilation, and in-process memory layout
- Experience programming with Python

Preferred Experience:

- Experience developing against or working with large, open source projects (e.g. AOSP)
- Experience developing and productizing exploits
- Familiarity with AFL instrumentation, and code coverage
- Familiarity with Android subsystems and components (e.g. Binder, Application loading, JNI, Dynamic ELF Loading)
- Development of novel genetic search algorithms, and scoring techniques
- Application of novel mutation schemes (e.g. Fuzzilli)
- Experience with APKs, and application packaging on Android devices
- Familiarity with APK decompilation tools such as JEB, JADX or Dex2Jar

Employee Referral Award Eligibility

This requisition is eligible for an employee referral award. ALL eligibility requirements must be met to receive the referral award.

About Cybersecurity, Intelligence and Services

The Cybersecurity, Intelligence and Services (CIS) business provides technically advanced full-spectrum cyber, data operations, systems integration and intelligence mission support services to meet our customers’ most demanding challenges. Our capabilities include cyber space operations, cyber defense and resiliency, vulnerability research, ubiquitous technical surveillance, data intelligence, lifecycle mission enablement, and software modernization. CIS brings disruptive technologies, agility, and competitive offerings to customers in the intelligence community, defense, civil, and commercial markets.

#CISJobs

What We Offer

Whether you’re just starting out on your career journey or are an experienced professional, we offer a robust total rewards package with compensation; healthcare, wellness, retirement and work/life benefits; career development and recognition programs. Some of the benefits we offer include parental (including paternal) leave, flexible work schedules, achievement awards, educational assistance and child/adult backup care.

Requires advanced to expert knowledge of work area typically obtained through advanced education combined with experience. May have broad knowledge of project management.
Requires substantial knowledge of RTX projects, programs or systems in order to provide enhancements within job area.

Typically requires: A University Degree or equivalent experience and minimum 8 years prior relevant experience, or An Advanced Degree in a related field and minimum 5 years experience

Engineering/Other Technical Positions: Typically requires a degree in Science, Technology, Engineering or Mathematics (STEM) and a minimum of 8 years of prior relevant experience unless prohibited by local laws/regulations.

The salary range for this role is 96,000 USD - 200,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate’s work experience, location, education/training, and key skills.

Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement.

Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company’s performance.

This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply.

RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window.

RTX is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.