Operational Cyber Vulnerability Researcher (London or Gloucester)

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

Operational Cyber’s vulnerability researchers perform deep research in to software, firmware and related systems in order to find 0-day vulnerabilities and perform further analysis on N-days. They have a thorough and low level understanding of how computers work including compilers, assembly language and the traits of specific programming languages that might culminate in security flaws. Often, they have gained this knowledge by first becoming an expert software engineer with experience of secure coding and code review practices established over a number of years.

They have a proven track record for finding vulnerabilities with recognition in the form of CVE or customer equity submissions with a tangible impact on mission and operational outcomes. Often the research they deliver leads to significant follow on capability development work by adjacent teams of researchers/software engineers.

In addition to their expert technical skills, they will approach research with an adversarial mind-set , are able to understand the mind-set and security posture of the original system developers - establishing what aspects may have been subject to human or systemic error and use their judgement to direct and prioritise our own (usually time limited) research.

They are proficient with a wide range of static and dynamic reverse engineering tools and consequently are able to research software with and without source code. They are expected to be an expert in at least one platform (e.g. Android, IOS, Linux or Windows). They will also have an understanding and practical experience of multiple supporting technologies (e.g. image and video codecs, networking, high performance computing, cryptography, computer forensics including malware analysis etc.).

For the purposes of research, they will be proficient in at least one programming language (e.g. Python) and may have experience of exploit development including payload implementation and modern security mitigations.

• As with any research, the output of our work needs to be communicated to our teams and customers with high technical accuracy with the researcher giving priority to documentation of any vulnerabilities, supporting research and tooling. They will be aware of all policy and legislative requirements of their work, including reverse engineering warrants and OpSec awareness. Researches 0-day vulnerabilities across a range of software, firmware and systems
• Perform further research into N-day vulnerabilities
• Perform static reverse engineering of binary components using appropriate tooling (e.g. Ghidra)
• Use dynamic reverse engineering and analysis tools (e.g. Frida, Unicorn, Sysinternals, API monitor)
• Establish representative research environments, managing OpSec risks as appropriate (e.g. offline environments)
• Develop proof of concepts, analysis plugins and supporting tooling using an appropriate programming language (e.g. Python, C++, C# etc.)
• Keep up to date with open source published research (e.g. Project Zero) and share this with others in the profession
• Demonstrate awareness of secure coding practices, current and future platform security mitigations
• Produce documentation including vulnerability write ups and supporting research
• Expert in at least one platform (e.g. Android, IOS, Linux, Windows)

Demonstrate a thorough and practical understanding of a range of technologies including

• • Image and video codecs
  • Networking including a variety of protocols
  • Real time and high performance computing
  • Multi-threading and asynchronous programming
  • Embedded systems
  • Cryptography
  • Computer forensics including malware analysis

Perform highly technical and low level research in to the art of the possible with cutting edge and/or undocumented technologies

Life at BAE Systems Digital Intelligence

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day.

By embracing technology, we can interact, collaborate and create together, even when we’re working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential.