Embedded System Security Engineer - GTRI - CIPHER - Open Rank

at  Georgia Tech Research Institute

OVERVIEW:

The Georgia Tech Research Institute (GTRI) is the nonprofit, applied research division of the Georgia Institute of Technology (Georgia Tech). Founded in 1934 as the Engineering Experiment Station, GTRI has grown to more than 2,900 employees, supporting eight laboratories in over 20 locations around the country and performing more than $940 million of problem-solving research annually for government and industry. GTRI’s renowned researchers combine science, engineering, economics, policy, and technical expertise to solve complex problems for the U.S. federal government, state, and industry.

PROJECT/UNIT DESCRIPTION

The Embedded Systems Vulnerability Division (ESVD) within CIPHER leverages extensive expertise in hardware, software, network, and RF communications to identify and evaluate cyber vulnerabilities in military assets, industrial control systems, and critical infrastructure systems. ESVD researchers participate in Department of Defense working groups on cyber
vulnerability assessments and collaborate with Georgia Tech faculty on the security of IoT and critical infrastructure systems. In addition, this position will create materials and lead professional education classes, and engage state and federal government leaders in strategic technical policy conversations.

REQUIRED MINIMUM QUALIFICATIONS

• Teaching experience at collegiate level
• Experience leading large technical efforts/teams

PREFERRED QUALIFICATIONS

• Active Top Secret Clearance
• Experience providing strategic technical direction and growth in OT cybersecurity research
• Documented examples of providing thought leadership and national recognition

TRAVEL REQUIREMENTS

10% - 25% travel

EDUCATION AND LENGTH OF EXPERIENCE

This position vacancy is an open-rank announcement. The final job offer will be dependent on candidate qualifications in alignment with Research Faculty Extension Professional ranks as outlined in section 3.2.1 of the Georgia Tech Faculty Handbook

• 14 years of related experience with a Bachelor’s degree in Information Technology, Telecommunications, Electrical Engineering, Computing Science, Data Science, or related.
• 12 years of related experience with a Masters’ degree in Information Technology, Telecommunications, Electrical Engineering, Computing Science, Data Science, or related.
• 9 years of related experience with a Ph.D. in Information Technology, Telecommunications, Electrical Engineering, Computing Science, Data Science, or related.

U.S. CITIZENSHIP REQUIREMENTS

Due to our research contracts with the U.S. federal government, candidates for this position must be U.S. Citizens.

JOB PURPOSE

The Embedded System Security Engineer will join an established team of experts in the vulnerability assessment of cyber physical systems. Performs firmware extraction, reverse engineering and vulnerability assessments of firmware running on embedded communications and cyber physical systems. Performs static and dynamic analysis of software/firmware using de-compiler tools for identification of system technical operating characteristics to reverse engineer system functionality, characterize protocols and interfaces, while identifying potential vulnerabilities. Researches, develops and uses existing side-channel analysis methods, such as clock and power glitching. Develops and demonstrates exploitation methods against identified vulnerabilities.

KEY RESPONSIBILITIES

Perform vulnerability analysis
Lead and/or contribute to white papers and proposals. Seek out and respond to opportunities for new research. Lead IRAD efforts to develop new innovative areas of research. - Lead the development and demonstration of techniques to gain unauthorized access to and/or exploit information networks. Lead the development and demonstration of mitigation techniques to protect systems. - Lead the development of innovative software analysis tools to assist in reverse engineering and vulnerability analysis - Research capabilities, implementation methods and security features of device under test to help in determining software functionality and potential weaknesses. Commonly evaluated devices include communications devices (radios, modems, routers), ICS and IoT devices. - Primary author of technical reports/presentations for projects of high complexity. Compile report input from other researchers and prepare final report deliverable.

ADDITIONAL RESPONSIBILITIES

• Lead Strategic Initiative IRAD projects to increase GTRI’s capabilities in securing multiple sectors of Critical Infrastructure.
• Lead proposal-writing teams to develop research programs with existing and new customers.
• Intelligence analyses of complex military and industrial systems and networks.
• Present technical briefings to senior government and industry officials.
• Primary author of technical reports/presentations for projects of high complexity.
• Develop cybersecurity content for new Georgia Tech Professional Education courses.
• Seek collaborative research relationships with Georgia Tech Academic Faculty.