Vulnerability Researcher I​/II; Cyber

Vulnerability Researcher I/II (Cyber
253)

Research Innovations, Inc. (RII) is breaking through the big, slow, status quo with transformative technology that fundamentally changes and improves the world. We develop cutting‑edge software for all levels of the government and military, using agile development practices and user‑centered design to create innovative solutions for complex real‑world problems.

We are seeking a dedicated Vulnerability Researcher to join our Cyber Security team. As a Vulnerability Researcher at RII, you will play a pivotal role in solving unique and challenging problems for our esteemed Defense and Homeland Security customers. This position requires a proactive mindset, deep technical expertise in vulnerability research, reverse engineering, and exploit mitigations/bypasses, and a drive to live one of our core values:
Get s#!t done.

Top Secret Clearance with SCI eligibility required.

• Conducting in‑depth reverse engineering and vulnerability analysis across various architectures and platforms, including x86/64, ARM, Power
  
  PC, and more
• Researching and analyzing operating system and application internals, identifying and understanding security strengths and weaknesses of those systems
• Developing and enhancing functionality by adding features and capabilities to undocumented interfaces
• Modeling and analyzing in‑memory compiled application behavior to identify potential vulnerabilities and improve security measures
• Developing and understanding mobile/embedded systems and kernel modules, particularly related to vulnerability research
• Participating actively in our extensive Vulnerability Research mentorship program, sharing knowledge and collaborating with colleagues

• Proficient understanding of wireless networking and associated security protocols, such as Wi‑Fi
• Strong grasp of legacy exploit mitigations and bypass techniques, including but not limited to Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP/NX), Stack Cookies (Canaries), and Control Flow Integrity (CFI). Experience in identifying and circumventing these security measures
• In‑depth knowledge of both security and network fundamentals, such as cryptography, authentication, access control, and network protocols (TCP/IP, UDP, DNS, HTTP, etc.)
• Programming experience with both scripted languages (preferably Python3) and compiled languages (preferably
  
  C). Ability to write efficient and secure code for vulnerability research and exploit development
• Familiarity with low‑level architectures such as x86, ARM, or MIPS
• Experience with operating system internals and implementations, including Windows, Linux, or macOS
• Excellent oral, written, and interpersonal communication skills, with the ability to effectively convey complex technical concepts and interact with customers and team members alike

• Experience with vulnerability research and reverse engineering of real‑time operating systems (RTOS), such as FreeRTOS, QNX, or Vx Works
• Bachelor's or postgraduate degree in Computer Science, Computer Engineering, or a related field
• Experience with software protection and binary armoring techniques, such as anti‑debugging, code obfuscation, or tamper resistance
• Proficiency in agile development methodologies, including Scrum or Kanban, for efficient collaboration and iterative development in a cybersecurity context
• Familiarity with low‑level iOS/Android development and associated security considerations, such as jail breaking or rooting, application sandboxing, or secure interprocess communication (IPC)
• Knowledge of hypervisors and their security implications, including virtualization‑based security, guest escape vulnerabilities, or hypervisor‑based rootkits
• Proficiency in malware analysis, including static and dynamic analysis techniques, behavioral analysis, and code deobfuscation
• Experience with constraint solving techniques, such as symbolic execution, theorem proving, or model checking, for vulnerability identification, verification, and exploit generation
• Background in machine learning, particularly in the context of vulnerability analysis and detection, such as using ML…