Principal Scientist/Engineer (R3 REVer) (TS/SCI #25-086) at Strategic Analysis Inc
Arlington, VA 22203, USA - Full Time


Start Date: Immediate
Expiry Date: 06 Aug, 25
Salary: 0.0
Posted On: 18 May, 25
Experience: 0 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: IDA Pro, Communication Skills, Debuggers, Computer Science, Software, Security Tools, Tcpdump, Research, Reverse Engineering, GPEN, Red Teaming
Industry: Information Technology/IT

Description

Strategic Analysis, Inc. is seeking highly motivated and experienced Principal Scientists/Engineers to fill multiple positions on our team. Successful candidates will lead activities in project management, technical and programmatic risk analysis, and program-funded test coordination. The candidate will also be responsible for coordinating meetings, assessing performer technical progress, projecting performer outcomes, and ensuring that project management best practices are followed by performers and independent verification and validation entities funded by DARPA. The ideal candidate should possess technical expertise and experience in reverse engineering and vulnerability research. Exemplary candidates will have demonstrated success in learning new subjects and rapidly gaining insights into current and next-generation research and prototyping, preferably with hands-on leadership of research and development programs in the defense sector.

QUALIFICATIONS:

  • Active Top Secret clearance with SCI eligibility (TS/SCI) is required.
  • Bachelor’s degree in Computer Science, Engineering, or a related field (Master’s degree preferred).
  • 7-10 years of demonstrated experience in reverse engineering, vulnerability research, and red teaming.
  • Expert-level proficiency in:
    o Disassembly and analysis of x86/x64, ARM, and embedded system architectures.
    o Utilizing reverse engineering tools such as IDA Pro, Ghidra, Binary Ninja, and debuggers (e.g., WinDbg, OllyDbg).
    o Identifying and exploiting vulnerabilities in software, firmware, and hardware.
    o Scripting and programming languages (e.g., Python, C/C++, Assembly).
    o Network protocols and analysis tools (e.g., Wireshark, tcpdump).
  • Strong understanding of operating systems internals (Windows, Linux, RTOS).
  • Experience with exploit development techniques, shellcode writing, and bypassing security mitigations.
  • Excellent written and verbal communication skills, with the ability to effectively convey complex technical findings to both technical and non-technical audiences.

DESIRED QUALIFICATIONS:

  • Experience with vulnerability disclosure processes and responsible disclosure practices.
  • Contributions to open-source security tools or research publications.
  • Relevant industry certifications (e.g., OSCP, OSCE, GPEN, GXPN, GREM).

RESPONSIBILITIES:

  • Utilize advanced reverse engineering techniques to analyze software, firmware, and hardware for vulnerabilities and potential exploitation vectors.
  • Develop and execute red teaming engagements, emulating adversary tactics, techniques, and procedures (TTPs) to identify and exploit vulnerabilities in critical systems.
  • Conduct in-depth vulnerability research, focusing on emerging threats, zero-day exploits, and advanced persistent threats (APTs).
  • Develop proof-of-concept exploits and tools to demonstrate the impact of identified vulnerabilities and aid in the development of mitigation strategies.
  • Provide expert technical guidance and recommendations to government stakeholders on vulnerability remediation, secure coding practices, and defensive countermeasures.
  • Contribute to the development of threat intelligence products, technical reports, and briefings for senior government officials and technical stakeholders.
  • Stay abreast of the latest trends in offensive security research, reverse engineering tools and techniques, and emerging exploit methodologies.