Offensive Cyber Security Researcher - Riverside Research Institute
Lexington, MA 02421
About the Job
For better or worse, there is almost no facet of our modern world that works without a computer system. Virtually all of those computer systems rely on “systems software” to manage distinct tasks and bridge the gap between hardware and higher-level software. Whether it is an embedded system using tightly-coupled FPGA fabric to offload performance- or security-critical tasks or a server using a hypervisor to manage co-resident guests, there is low-level code making sure that higher-level code can see a sane and well-ordered world. That lower-level code is full of complexity as it works to bridge the gap from the realities of diverse hardware ISAs to higher-level abstractions. It is also foundational to the security story of all of our systems. At Riverside Research, the Secure and Resilient Systems group works to strengthen that code to provide our customers with secure foundations for their mission-critical software stacks. This is essential to getting ahead of the attacker rather than playing whack-a-mole with bug fixes.
Riverside Research is seeking an offensive cyber security researcher to support research and development of cutting-edge systems security technologies. As a key member of our Secure and Resilient Systems team, the researcher will prototype new features in a variety of disciplines ranging from offensive cyber vulnerability and exploitation assessment to implementing new security features in any level of the software stack. Strong fundamentals in software development practices for large projects (version control, debugging techniques, etc) and an understanding of the system software stack and the software/hardware interface will be critical for efficiently designing and prototyping dramatic features that advance the state of the art in cybersecurity.
The researcher will contribute to a diverse team responsible for developing offensive and defensive security features. They will be expected to prototype and push both code and accompanying documentation/design documents. Additionally, they will engage in the research process by assisting the team to design solutions to new challenges, break big problems into subtasks, implement features, and evaluate the resulting prototypes. All members of our group are expected to develop the writing skills necessary to communicate their ideas and results to internal and external stakeholders.
The research scientist should have experience in C/C++, at least one assembly language, Python, and, for bonus points, Rust. A good candidate should be able to explain why BOTH C and Rust are on this list and why Python is on this list (even though no system software is written in Python). An ideal candidate for this position would have experience writing code that interacts directly hardware and be able to explain the challenges of working at the software/hardware interface and how they’ve overcome those challenges in the past.
Responsibilities:- Help the group design innovative offensively driven security solutions to customer problems related to systems software
- Build new tools and/or capabilities in languages like C/C++, Python, Rust, Assembly, etc.
- Contribute to whitepapers and/or published papers that document innovative work performed.
- Document and communicate design decisions, technical challenges, and progress to technical program management
- Collaborate with team members on debugging programs, pair programming, reviewing papers/proposals, etc.
- Participate in relevant internal and customer meetings
- Bachelor's degree, preferred in related technical field, such as computer science, computer engineering, electrical engineering, or cybersecurity and 5 years of experience or 3 years and a Masters
- Strong software development fundamentals for working inside a large project (e.g., submitting PRs, interacting with open-source communities and mailing lists, git branches/merges/rebasing, build systems, etc)
- Must be eligible to obtain a Top Secret security clearance.
- Communication and creative skills to develop, prototype, benchmark, and document significant security features integrated into existing systems security technologies
- Proficiency in programming languages C/C++, Python, and Assembly (e.g., x86-64, ARM)