Description:
Shift5 is seeking an experienced Staff Reverse Engineer to join our growing team. In this role, your primary responsibilities will be performing vulnerability research and exploit/cyber-attack development on operational technologies (OT) to support platform vulnerability assessments, customer-directed research, internal research, and to improve Shift5 core products. You will assess critical operational technology systems, reverse engineer their software and hardware, identify vulnerabilities, design exploits and attacks, build custom capabilities, and field your effects on live networks and platforms. You will play a crucial role in helping Shift5 defend critical national infrastructure, weapons platforms, and logistics by thinking like an attacker.
You will be a member of our Shift5 Research team and should be prepared to understand, reverse engineer, and find vulnerabilities in OT devices down to the hardware and firmware level. You should be quick and effective at deconstructing and understanding a firmware binary using a tool like Ghidra, IdaPro, etc. You should also have a strong understanding of C/C++ and other common embedded device programming languages, as well as embedded Real Time Operating Systems (RTOS) so that you fully understand the firmware/software functions of the device being researched. You should also be able to examine the hardware components of a device, identify chipsets, interpret datasheets, and extract firmware. Experience in reverse engineering either hardware or software is required.
You will be expected to build an understanding of how the platforms we work with operate to understand the impacts of cyber-physical attacks. You should be able to use documentation, raw data, and common reverse engineering techniques to produce a description of the message traffic on a serial data bus or a wireless protocol. Familiarity with serial data protocols such as MIL-STD-1553, CAN, ARINC 429, UART, SPI, I2C, etc. is preferred.
We’re looking for someone with an insatiable appetite for learning who frequently explores ways to make the impossible possible. Someone who embraces uncertainty, thrives in the unknown, and views incomplete information as an opportunity. You should have a passion for breaking things, believe no system is impenetrable, and trust we can keep others safe by identifying and overcoming weaknesses in critical systems. You must own what you build and understand the responsibility that comes with building tools that could cause damage to real systems and people’s lives. If this sounds like you, drop us a line because we’d love to start a conversation.
Shift5 is a rapidly growing data and cybersecurity scale-up. We specialize in capturing and analyzing serial bus data in real time, providing anomaly detection and operational intelligence required to act. Our insights provide real-time alerting and historical trends to assure mission readiness and cyber survivability, and our innovative technology enables military systems to deter adversaries, protect warfighters, and maintain their competitive edge. We are a collaborative, passionate and driven cadre of cyber security experts. Our engineers are multidisciplinary, and our team is dynamic. We’re a growing company focused on helping our customer’s fleets run smarter and safer by capitalizing on mountains of data resting right about the wheels. Come join us.
In this role you will be expected to:
We're looking for someone who is/has:
Compensation & Benefits:
We are committed to building an inclusive culture of belonging that embraces the diversity of our people and represents the communities in which we work and the customers we serve. We know the happiest and highest performing teams include people with diverse perspectives and ways of solving problems. We strive to attract and retain talent from all backgrounds and create workplaces where everyone feels empowered to bring their full, authentic selves to work.
Shift5 is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sexual orientation, gender identify, national origin, disability, age, marital status, ancestry, projected veteran status, or any other protected group or class.