Principal Cyber Tool and Capability Developer

Overview:

Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit

Job Description Summary:

Draper is actively seeking a Principal Cyber Software Engineer that will support current and future cybersecurity, machine learning, and cyber tool development projects across a variety of domains supporting the United States of America's national interest. Due to the variety of USG organizational needs, our technical efforts and opportunities vary from conventional cyber operations enablement tooling to embedded vulnerability research and exploit development on a wide range of devices and systems. We are looking for enthusiastic and ambitious individuals to join and lead our growing set of programs and innovate for the greater good of our Nation's security. As a part of the Draper Cyber Software team, you will drive the design and development of software tools and capabilities, perform static and dynamic analysis on diverse firmware and software, and share your expertise with others via mentoring and technical leadership opportunities. You will be a part of a multi-disciplinary team with expertise in a wide array of technologies and skills such as embedded systems, compiler theory, threat intelligence, fuzzing, binary analysis, and vulnerability research.

Job Description:

Duties/Responsibilities

• Assess hardware and software for security vulnerabilities using a breadth of technologies and techniques.
• Develop software that meets behavior and security requirements for tailored applications.
• Integrate software capabilities with other tasks or groups to improve performance or behavior requirements.
• Create new tools and systems to detect and exploit vulnerabilities and system weaknesses.
• Document nominal application and system functionality, in addition to implemented changes.
• Independently drive solutions to complex problems - develop requirements, propose ways forward when customer requirements are unclear or incomplete, and adapt appropriately to changes in requirements.
• Subject Matter Expert (SME) in cyber security, able to plan, design, and execute large scale technical software and hardware solutions.
• Able to provide insight and suggest design modifications based on analysis outcomes, and to apply analysis techniques across a range of technical disciplines.
• Identify program/system-level technical risks and develop and execute mitigation strategies.
• Develop, document, and teach best practices to less experienced engineers; Demonstrate strong organization, planning, and time management skills to achieve program goals.
• Performs other related duties as assigned.

Skills/Abilities

• Curiosity-driven approach to solving complex, customer-driven problems as part of a multi-disciplinary team.
• Collaborate and communicate effectively and openly with multi-disciplinary program team members, program leadership, and non-technical personnel.
• Be a team player able to work in a fast-paced environment with the ability to balance multiple competing tasks and demands.

Education
Requires a bachelor's in computer science, computer engineering, or related field.



Experience
10-15 years experience in Cybersecurity or related field is required.

Additional Job Description:

Software Development and Program/Binary Analysis :

• Expertise in developing custom low-level software tools and integrating those tools into complex (both embedded and non-embedded) systems.
• Expert at using contemporary program analysis methodologies and techniques (static and dynamic). Relevant tools include Ghidra, Ida, Binary Ninja, Radare, Angr, debuggers (GDB, winDBG), emulation tools (Qemu), fuzzers (AFL++), etc.
• Experience with techniques that prevent reverse engineering and employ obfuscation or diversification.
• Proven background in researching and exploiting software vulnerabilities.
• Proficiency using secure coding practices and mitigation techniques against software attack vectors.
• Expert at using programming languages and their build systems such as: C, C++, Python, GoLang, Rust.
• Experience in compiler toolchain development such as building custom LLVM passes. Experience with leveraging the different stages of compilation i.e. intermediate representation.
• Experience in building high-quality code and helping others to meet those same coding standards.

System and Architecture:

• Proficiency with the core workings of operating systems (user mode, kernel mode, boot processes), especially in Windows, GNU/Linux, or RTOS contexts.
• Proficiency in leveraging a variety of computing architectures and their associated assembly languages (e.g. x86, ARM, RISCV, etc.).

Leadership and Business Development:

• Proven track record of leading tasks and projects. Knowledge and expertise in creating project timelines, executing task delegation, and prioritizing project goals in order to meet contractual obligations.
• Experienced in communicating project progress and goals to clients/sponsors. Ability to receive feedback and adapt to changes in project schedule/goals given client/sponsor needs.
• Effective using different communication styles depending on team needs. Experience communicating during difficult situations.
• Experience with presenting technical concepts to both technical and non-technical audiences.
• Experience participating in proposal writing and business winning.

Preferred Qualifications:

• Experience with creating technical strategies at the organization level. Ability to leverage knowledge of the state-of-the-art, a company’s expertise and niche skills, and client/sponsor needs to generate technical goals for an organization.
• Experience with seeing a project through from inception to delivery.
• Expertise in building reverse engineering automation tools and analysis frameworks.
• Experience in leveraging machine learning (where appropriate) to automate cyber software tool development and program analysis.
• History of business winning; proven experience leading proposals that resulted in new business.
• Background in proposing and executing R&D projects and exploring novel, cutting-edge concepts that are high risk, high reward. History of transitioning these projects to client/sponsor funded programs.

This role is onsite in Cambridge, MA or Reston, VA. Applicants selected for this position will be required to obtain and maintain a government security clearance. Having an existing TS/SCI is preferred.

Connect With Draper for Future Opportunities! If you don't find the right posting in our Career Opportunities, you may submit your resume for future consideration.

Job Location - City:

Cambridge

Job Location - State:

Massachusetts

Job Location - Postal Code:

02139-3563

The US base salary range for this full-time position is

$95,000.00 - $245,000.00

Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Union ranges will be in compliance with the collective bargaining agreement's approved rates by location and role. Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and does not include bonuses or benefits.

Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now

Draper is committed to creating an inclusive environment. We understand the value of inclusivity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, national origin, veteran status, or genetic information. Draper is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact [email protected].