Mid-Level Reverse Engineer

AnaVation is seeking a mid-level reverse engineer for our mission-critical customer. A successful candidate will use Reverse Engineering skills to tear down mobile applications to further customer’s mission.  Research results are initially turned into tools using python and may require mobile development skills to finalize tools. Successful candidate must have software development experience. 
Position is currently remote, with one visit per month to the Newington, VA location desired, but not required. Remote status is expected to continue on an ongoing basis subject to customer guidance.

Required Qualifications

• Experience using industry standard RE tools (IDA Pro, Ghidra, JEB, Hopper) to determine how closed-source software functions
• Experience developing, debugging and/or reverse engineering code for popular mobile programming languages (i.e., Java, Objective-C, Swift, etc.)
• Experience with the exploitation of mobile devices and/or the software within mobile devices to enable surveillance or access to protected information
• Experience determining how files are structured and identifying standard methods for encoding data
• Comfortable viewing, analyzing, and understanding raw binary data
• Ability to write programs in a variety of languages, such as C, C++, C#, Python and Java
• Understanding of how operating systems function, such as the separation between kernel and user space
• Knowledge of common mobile architectures and their associated instructions, including x86, ARM, and ARM64
• Experience working on multiple OS platforms, including Linux, Mac, Windows, Android, and iOS
• Experience with iOS and Android mobile development languages, including Java, Objective-C, or Swift
• Possession of exceptional interpersonal skills, including ability to: work alongside others, teach co-workers and clients/customers, and learn new technical trades and become a resident expert within a team
• Previous experience working in an agile development environment with short duration tasking
• BA or BS degree or six years of related experience 

Desired Qualifications

• Experience in identifying and exploiting vulnerabilities, such as memory corruption through stack overflows, heap overflows, integer overflows, and logical flaws
• Experience with mitigation to deter exploitation, such as ASLR, code signing, non-executable memory protections, and sandboxing
• Experience with methods to bypass exploit mitigation and detection techniques
• Experience with writing and running data fuzzers
• Expertise in analyzing results to identify vulnerabilities
• Understanding of how symmetrical and asymmetrical encryption functions and is implemented in various code flows
• Experience with relational database management systems (i.e., SQL and SQLite)
• Ability to analyze and decode data packets over a networked connection, and experience with network analysis tools (e.g., Wireshark)
• Knowledge of how IP/Serial based protocols work and how to reverse their format including checksums, MACs, encoding formats, HTTP, XML, etc.