Senior CNO Software Engineer – OS, Hypervisor, UEFI/BIOS Specialist Position Available In Suffolk, Massachusetts

Job Description Summary:

Draper’s Offensive Cyber Security Group is looking for a CNO Software Engineer to develop tailored solutions to meet our DoD and IC Sponsor directives. Our organization’s not-for-profit status ensures a capability-driven focus on the United States of America’s national interests that allows us to address some of our Nation’s most pressing challenges. Due to the variety of USG organizational needs, our technical efforts and opportunities vary from conventional cyber operations enablement tooling to embedded vulnerability research and exploit development on a wide range of devices and systems.

Job Description:

+ Assess hardware and software for security vulnerabilities using a breadth of technologies and techniques. + Develop software that meets behavior and security requirements for tailored applications. + Integrate software capabilities with other tasks or groups to improve performance or behavior requirements. + Create new tools and systems to detect and exploit vulnerabilities and system weaknesses. + Document nominal application and system functionality, in addition to implemented changes. + Drive solutions to complex problems with limited direction – contribute to requirements. development, propose ways forward, and adapt appropriately to changes in requirements. + Provides insight and suggest design modifications based on analysis outcomes, and to apply analysis techniques across a range of technical disciplines. + Identifies program/system-level technical risks and develop and execute mitigation strategies. + Actively mentor less experienced engineers and provide thoughtful, constructive feedback. + Curiosity-driven approach to solving complex, customer-driven problems as part of a multi-disciplinary team. + Collaborate and communicate effectively and openly with multi-disciplinary program team members, program leadership, and non-technical personnel. + Be a team player able to work in a fast-paced environment with the ability to balance multiple competing tasks and demands. Experience 5-10 years’ experience in Cybersecurity or related field is required.

Additional Job Description:

Software Development:

+ Proficiency in developing kernel modules, drivers, or firmware for Windows, GNU/Linux, RTOS, or

UEFI/BIOS.

+ Proficiency in implementing hypervisor internals, including VM lifecycle management and hardware emulation. + Proficiency in crafting custom bootloaders or firmware instrumentation for forensic data collection (e.g. UEFI). + Proficiency in techniques that prevent reverse engineering and employ obfuscation or diversification.

System and Architecture:

+ Proficiency with core workings of operating systems (user mode, kernel mode, boot processes), particularly in Windows, GNU/Linux, or RTOS contexts. + Proficiency in analyzing OS internals for forensic evidence extraction. + Proficiency in reverse engineering closed-source hypervisors, firmware, or OS components to uncover system artifacts. + Proficiency in dissecting memory management, interrupt handling, and system calls for forensic traces or anomaly detection.

Forensics and Incident Response:

+ Proficiency in capturing and analyzing memory dumps, crash reports, runtime logs from OS and hypervisor environments. + Proficiency in

BIOS/UEFI

forensic analysis, focusing on firmware modifications, bootkits, or tampered configurations. + Proficiency in utilizing system internals to identify persistence mechanism, hidden processes, or kernel-level rootkits.

Languages and Development:

+ Proficiency with programming languages and their build systems such as: C, C++, Python, GoLang, Rust. + Proficiency with software version control systems.

Leadership and Business:

+ Successful history in authoring of technical proposals and documents. + Leadership in advanced R D initiatives, including government-funded projects. + Leadership of critical programs with more than two full time staff members. + Proficient in teamwork and communication with diverse audiences. Applicants selected for this position will be required to obtain and maintain a government TS/SCI security clearance