Securities research analyst job description

STR is hiring a Cyber Security Researcher to be part of a multidisciplinary team of researchers and engineers dedicated to developing cutting-edge technology with significant and immediate impact on our national security. This role offers an excellent opportunity to work at the nexus of software and real-world physical systems.

The ideal Cyber Security Researcher will be motivated to work with a team developing technical solutions in a rapid-prototyping and results-driven environment while also looking to perform their own research and discover novel methods of accomplishing and automating cyber-related analysis tasks. Possible activities include emulating complex software in virtual environments, automating the discovery and extraction of code paths through firmware, and finding ways to automate the reverse engineering of systems. Researchers will be encouraged to identify reverse-engineering bottlenecks and develop their own solution to overcome them. The tools and techniques we develop and deliver are expected to meet high standards of craftsmanship, maintainability, and reuse. Therefore, experience with sound software engineering principles is valuable.
Duties will include:

Proposing new and novel methods for performing rapid binary analysis and emulation for unique cyber-physical software

Developing and own a set of reverse engineering and vulnerability research tools from ideation to deployment

Collaborating with reverse engineers and vulnerability researchers to incorporate feedback into developed tools

Participating in laboratory tests to collect and analyze real-world data for model verification and validation

Communicating the novelty and technical foundations of capabilities through reports and presentations to other employees and our customers

Required Skills:

Ability to obtain a Top Secret (TS) security clearance

BS, MS, or PhD in computer science, computer engineering, electrical engineering, physics, mathematics, or related field

Proficient in one or more high-level languages (C/C++ and/or Python), as well as their standard libraries

Experience with one or more software build and debug tools (GCC, Clang, GDB, CMake, Make, Visual Studio)

Have a general understanding of one of more low-level assembly languages (x86, ARM, MIPS)

Desired Skills:

Familiarity with the concepts of reverse engineering, binary emulation, and vulnerability research, including tools such as Ghidra, QEMU, and AFL++.

All STR employees may be subject to COVID-19 vaccination requirement in response to Executive Order 14042 and accompanying Task Force Guidance, unless a medical or religious accommodation is formally approved by STR.

STR is a growing technology company with locations near Boston, MA, Arlington, VA, near Dayton, OH, Melbourne, FL, and Carlsbad, CA. We specialize in advanced research and development for defense, intelligence, and national security in: cyber; next generation sensors, radar, sonar, communications, and electronic warfare; and artificial intelligence algorithms and analytics to make sense of the complexity that is exploding around us.

STR is committed to creating a collaborative learning environment that supports deep technical understanding and recognizes the contributions and achievements of all team members. Our work is challenging, and we go home at night knowing that we pushed the envelope of technology and made the world safer.

STR is not just any company. Our people, culture, and attitude along with their unique set of skills, experiences, and perspectives put us on a trajectory to change the world. We can't do it alone, though - we need fellow trailblazers. If you are one, join our team and help to keep our society safe! Visit us at for more info.

STR is an equal opportunity employer. We are fully dedicated to hiring the most qualified candidate regardless of race, color, religion, sex (including gender identity, sexual orientation and pregnancy), marital status, national origin, age, veteran status, disability, genetic information or any other characteristic protected by federal, state or local laws.

If you need a reasonable accommodation for any portion of the employment process, email us at and provide your contact info.

Pursuant to applicable federal law and regulations, positions at STR require employees to obtain national security clearances and satisfy the requirements for compliance with export control and other applicable laws.

We are now looking for an Offensive Hardware Security Researcher.

NVIDIA is looking for outstanding security researchers focused on internal offensive research across different hardware projects. Do you have experience with identifying hardware attacks, developing PoC, and tools for automation in hardware vulnerability research? We need you!

What you'll be doing:

+ You will identify vulnerabilities in our embedded software, building proof of concepts, and working with development teams to remediate

+ Develop improvements to current hardware security tools and practices for bug hunting

+ Use modern hardware tools for modeling new attack vectors

+ Thinking like a potential attacker, break things and guide effective fixes and defenses

What we need to see:

+ BS/BA degree in Computer Science or Computer Engineering or Electrical Engineering or equivalent experience

+ 6+ years of work experience in a Security related field.

+ Demonstrated experience offensive security research (CVE's, publications, tools) and responsible disclosure

+ A deep understanding of modern embedded cryptography and common security issues

+ Experience with ARM/X86 assembly, Verilog and low-level C programming

+ Understanding large SoC and ASIC architecture and design

+ Practical experience with microarchitectural attacks (side channels, fault injection, etc)

+ Experience with security code reviews of complex firmware projects and with secure code quality practices (SDL, threat modeling)

+ Background with attacks on TEE (TrustZone)

+ Ability to work collaboratively and remotely with others to accomplish complex goals

+ Demonstrate the ability to excel in an environment with complex software and hardware designs.

Ways to stand out from the crowd:

+ You have a deep understanding of Symbolic Execution (Z3, KLEE ...) for fuzzing tools

+ Knowledge of any or multiple common binary instrumentation frameworks

+ Hands on experience with Hex-Rays IDA Pro and plugin/loaders development

+ Experience with JTAG/SCAN/ChipWhisperer

Our invention of the GPU in 1999 sparked the growth of the PC gaming market, redefined modern computer graphics, and revolutionized parallel computing. More recently, GPU deep learning ignited modern AI - the next era of computing - with the GPU acting as the brain of computers, robots, and self-driving cars that can perceive and understand the world. Today, we are increasingly known as "the AI computing company". NVIDIA is widely considered to be one of the technology world's most desirable employers. We have some of the most forward-thinking and hardworking people in the world working for us. Are you a creative and autonomous architect with a genuine passion for advancing state of the art security features into silicon? Do you love a challenge? If so, we want to hear from you.

NVIDIA is committed to fostering a diverse work environment and proud to be an equal opportunity employer. As we highly value diversity in our current and future employees, we do not discriminate (including in our hiring and promotion practices) on the basis of race, religion, color, national origin, gender, gender expression , sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law.

The future is what you make it.

When you join Honeywell, you become a member of our global team of thinkers, innovators, dreamers and doers who make the things that make the future.

That means changing the way we fly, fueling jets in an eco-friendly way, keeping buildings smart and safe and even making it possible to breathe on Mars.

Working at Honeywell isn't just about developing cool things. That's why all of our employees enjoy access to dynamic career opportunities across different fields and industries.

Are you ready to help us make the future?

The Honeywell Global Security (HGS) business believes in integrating security into all aspects of our business to protect the people, processes, and assets by which Honeywell achieves its greater mission. Advancements in technology, contractual and regulatory requirements, emerging threats, and Honeywell's growth worldwide continue to challenge all of us to ensure everything we do in business is secure.

The Cyber Security Researcher II - Penetration Testing reports to the Product Security Assurance Leader and will be responsible for assessing and evaluating the security posture of a variety of Honeywell Products and partner technologies. This role will be responsible for security services delivery, which may include use of application/network/firmware/hardware security toolsets, detection of security defects, and remediation consultation of those weaknesses. Our services support the identification of potential attack techniques and serve as the foundation for continuously improving the product development lifecycle.

Responsibilities:

+ Individual Contributor with Product Security Assurance Team

+ Deliver Security / Penetration Testing across diverse Honeywell products, solutions and services

+ Assist in the development of modular, repeatable, effective Security Testing processes

+ Partner with Tools and Technology Team to select, implement, develop, and automate testing with appropriate tools.

+ Work with cross functional teams to develop remediation suggestions

+ Report observations using our standardized reporting structure

YOU MUST HAVE

+ Bachelors degree

+ 2 years demonstrated experience in penetration testing, red teaming or offensive operations.

+ Must be a US Citizen due to contractual obligations.

WE VALUE

+ Exposure to security testing within the appropriate domain

+ Understanding of application protocols, development, and common attack vectors.

+ Good cybersecurity capabilities and strong software engineering skills

+ Experience with pentest tools and frameworks such as: Burp Suite, IDA Pro, GHidra, Kali, OWASP, Metasploit.

+ Scripting experience in Python, Powershell and Bash preferred.

+ Experience working with other languages such as C, C++, Java, .NET or javascript.

+ Basic understanding of security by design principles and architecture level security concepts

+ Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities

+ Effective oral and written communication skills

+ Good interpersonal skills

+ Experience in security testing within the appropriate domain

+ Demonstrated project management skills.

+ Relevant Cyber Security certifications: CEH, OSCP, GPEN

+ Experience and knowledge of penetration testing methodologies and tools

+ Public speaking at Technical Conferences

+ 2+ years of application development

+ Familiarity with reverse engineering tools, debuggers, and dynamic analysis techniques.

HGS2021

#LI-Hybrid

Honeywell is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, religion, or veteran status.