Cyber Vulnerability Research Engineer

Maximus TCS (Technology and Consulting Services) Internal Job Profile Code: TCS033, T3, Band 6

Job-Specific Essential Duties and Responsibilities:

- Conduct advanced vulnerability research across software, firmware, and hardware platforms to uncover exploitable conditions.

- Reverse engineer binaries and embedded systems using tools like IDA Pro, Ghidra, and x64dbg to identify zero-day vulnerabilities.

- Develop and test proof-of-concept exploits in controlled environments to validate findings.

- Collaborate with red and blue teams to simulate adversarial tactics and strengthen defensive cyber capabilities.

- Contribute to vulnerability databases and automated detection tools to support enterprise cyber resilience.

- Integrate findings into secure software development lifecycles (SSDLC) and DevSecOps pipelines.

- Present technical research and threat assessments to stakeholders, translating complex findings into actionable recommendations.

Job-Specific Minimum Requirements:

- Bachelor's degree in Computer Science, Cybersecurity, or a related field.

- Minimum 5 years in technology consulting.

- At least 3 years supporting federal government or DoD environments.

- One of Required Certifications:

- Offensive Security Certified Professional (OSCP).

- Offensive Security Certified Expert (OSCE).

- GIAC Reverse Engineering Malware (GREM).

- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN).

- Proficiency in reverse engineering and exploit development.

- Experience with debuggers/disassemblers (e.g., IDA Pro, Ghidra, x64dbg).

- Strong understanding of software/hardware vulnerabilities (e.g., buffer overflows, logic flaws).

- Proficiency in assembly, C/C++, and scripting languages (Python, Bash, PowerShell).

- Familiarity with vulnerability research frameworks and bug-hunting methodologies.

- Experience with containerized environments (Docker, Kubernetes) and cloud platforms (AWS, Azure, GCP).

- Ability to integrate findings into SSDLC and DevSecOps pipelines.

Preferred Skills and Qualifications:

- Experience participating in bug bounty programs or coordinated vulnerability disclosure efforts.

- Familiarity with exploit mitigations and bypass techniques (e.g., ASLR, DEP, CFG).

- Knowledge of malware analysis, threat emulation, and post-exploitation tactics.

- Hands-on experience with red teaming or digital forensics in DoD or federal environments.

- Understanding of threat modeling frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain).

- Experience with cloud-native security tools and container orchestration platforms.

- Ability to work in agile R&D environments, contributing to both offensive and defensive cyber innovation.

- Strong presentation skills for briefing technical findings to leadership and mission stakeholders.

#techjobs #clearance #veteransPage

Minimum Requirements

TCS033, T3, Band 6

EEO Statement

Maximus is an equal opportunity employer.

We evaluate qualified applicants without regard to rac...