Senior Android Vulnerability Researcher

at Raytheon

Arlington, VA 22217, USA

Start Date: Immediate
Expiry Date: 27 Jun, 2024
Salary: Not Specified
Posted On: 27 Mar, 2024
Experience: 5 year(s) or above
Skills: Good communication skills
Telecommute: No
Sponsor Visa: No

Description:

Responsibilities:

Onsite
Android Vulnerability Research (Onsite)
Raytheon CODEX seeks smart, motivated, and self-driven Vulnerability Researchers to join our team and translate knowledge of system internals, fuzz testing tools, and vulnerability patterns into capabilities for our customers. Researchers will work as members of highly visible teams performing discovery, reverse engineering, and development against complex software applications. Android experience is highly desirable, but may be waived for experience with analogous systems (e.g. Linux derivatives or embedded OSs).
All candidates must be US citizens and be able to obtain and maintain a top secret government security clearance.
Our Culture
We foster an environment to develop and deliver capabilities that push beyond the state of the art. We directly invest in our engineers’ ideas and novel technologies, providing engineers paid hours to innovate for our customers. We host industry training for our staff in browser exploitation, OS internals, and reverse engineering. We encourage engineers to take risks, and approach problems in new ways. Our delivered software products feature novel exploitation techniques and new innovations developed by engineers with the freedom to occasionally fail. Our cafes are stocked with free snacks and beverages and lunch is catered weekly. We strive to create a relaxed culture dedicated to technical excellence and mission impact, where engineers are empowered and recognized for their success.
Benefits
In addition to competitive salaries, CODEX offers excellent benefits for you and your family: competitive medical, dental and vision plans, child, elderly and dependent-care programs, mental health resources, tuition assistance, employee discount programs, 401k matching, flexible work schedules, a peer recognition and reward system, and performance-based bonuses. CODEX provides funding for engineers to attend and participate in technical conferences including major security conferences like DefCon, ReCon, and ShmooCon.
Position Description
Researchers will join successful engineering teams that break down target systems, applications, and software into subcomponents and trace dataflow from user & system inputs to potentially vulnerable functions on Android devices. Researchers are expected to apply static and dynamic analysis techniques for vulnerability identification including the use of public fuzz testing tools (e.g. AFL++), decompilers (e.g. Hex-Rays), and disassemblers (e.g. IDA Pro & Ghidra). Applicants are expected to perform novel research against proprietary network protocols, software architectures, multimedia formats, and evaluate both closed and open-source binaries.
Technical Requirements
Experience applying fuzz testing tools (e.g. AFL, AFL++, LibFuzzer), or performing static analysis to identify exploitable software vulnerabilities.
Experience reading assembly language, ARM/ARM64 preferred
Android or Linux system programming experience (e.g. POSIX APIs)
Experience with C/C++ compilation, and in-process memory layout
Experience programming with Python
Preferred Experience:
Experience developing against or working with large, open source projects (e.g. AOSP)
Experience developing and productizing exploits
Familiarity with AFL instrumentation, and code coverage
Familiarity with Android subsystems and components (e.g. Binder, Application loading, JNI, Dynamic ELF Loading)
Development of novel genetic search algorithms, and scoring techniques
Application of novel mutation schemes (e.g. Fuzzilli)
Experience with APKs, and application packaging on Android devices
Familiarity with APK decompilation tools such as JEB, JADX or Dex2Jar
Employee Referral Award Eligibility
This requisition is eligible for an employee referral award. ALL eligibility requirements must be met to receive the referral award.
RTX Corporation is an Aerospace and Defense company that provides advanced systems and services for commercial, military and government customers worldwide. It comprises three industry-leading businesses – Collins Aerospace Systems, Pratt & Whitney, and Raytheon. Its 185,000 employees enable the company to operate at the edge of known science as they imagine and deliver solutions that push the boundaries in quantum physics, electric propulsion, directed energy, hypersonics, avionics and cybersecurity. The company, formed in 2020 through the combination of Raytheon Company and the United Technologies Corporation aerospace businesses, is headquartered in Arlington, VA.
To realize our full potential, RTX is committed to creating a company where all employees are respected, valued and supported in the pursuit of their goals. We know companies that embrace diversity in all its forms not only deliver stronger business results, but also become a force for good, fueling stronger business performance and greater opportunity for employees, partners, investors and communities to succeed.
The following position is to join our RTX Corporate, Enterprise Services, Research Center or BBN team:
What We Offer: Whether you’re just starting out on your career journey or are an experienced professional, we offer a robust total rewards package with compensation; healthcare, wellness, retirement and work/life benefits; career development and recognition programs. Some of the benefits we offer include parental (including paternal) leave, flexible work schedules, achievement awards, educational assistance and child/adult backup care.
Requires advanced to expert knowledge of work area typically obtained through advanced education combined with experience.
May have broad knowledge of project management. Requires substantial knowledge of RTX projects, programs or systems in order to provide enhancements within job area.
Typically requires: A University Degree or equivalent experience and minimum 8 years prior relevant experience, or An Advanced Degree in a related field and minimum 5 years experience.
Engineering/Other Technical Positions: Typically requires a degree in Science, Technology, Engineering or Mathematics (STEM) and a minimum of 8 years of prior relevant experience unless prohibited by local laws/regulations.
The salary range for this role is 96,000 USD - 200,000 USD. The salary range provided is a good faith estimate representative of all experience levels. RTX considers several factors when extending an offer, including but not limited to, the role, function and associated responsibilities, a candidate’s work experience, location, education/training, and key skills.
Hired applicants may be eligible for benefits, including but not limited to, medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, flexible work schedules, employee assistance program, Employee Scholar Program, parental leave, paid time off, and holidays. Specific benefits are dependent upon the specific business unit as well as whether or not the position is covered by a collective-bargaining agreement.
Hired applicants may be eligible for annual short-term and/or long-term incentive compensation programs depending on the level of the position and whether or not it is covered by a collective-bargaining agreement. Payments under these annual programs are not guaranteed and are dependent upon a variety of factors including, but not limited to, individual performance, business unit performance, and/or the company’s performance.
This role is a U.S.-based role. If the successful candidate resides in a U.S. territory, the appropriate pay structure and benefits will apply.
RTX anticipates the application window closing approximately 40 days from the date the notice was posted. However, factors such as candidate flow and business necessity may require RTX to shorten or extend the application window.
RTX is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.


REQUIREMENT SUMMARY

Min: 5.0, Max: 8.0 year(s)

Information Technology/IT

IT Software - Application Programming / Maintenance

Software Engineering

Graduate

Proficient

1
