At Finite State, we are leveraging massive amounts of data to solve the next generation of security problems generated by the Internet of Things (IoT). We are seeking a Senior Security Researcher to help us provide comprehensive cybersecurity for modern networks. If you are an experienced self-starter who enjoys working in a fast-paced, collaborative environment, then we want to talk to you! This opportunity is also a remote position and does not require relocation.

Primary responsibilities for this position include:

  • The identification and understanding of OT/IIoT/IoT device & network security vulnerabilities and providing information and remediation guidance to customers and the R&D team
  • Stay on top of the vulnerability and threat landscape for embedded devices, OT networks, and their supply chains. Prepare guidance on counter-measures.
  • Reverse engineer and analyze device firmware contents, services, software applications, protocols, etc in order to discover N-day and 0-day vulnerabilities. Work with vendors for responsible disclosures.
  • Identify & prioritize security risks and build/identify tools to find risks in IoT devices
  • Support fast-paced customer engagements by reverse engineering and analyzing COTS and custom firmware.
  • Create detailed technical reports and proof of concept code to document findings
  • Take advantage of opportunities to participate in working groups, customer meetings, proposal writing, and conferences
  • Collaborate with marketing, product and sales on case studies related to IoT vulnerabilities and threats

Candidates at a minimum must have the following:

  • Bachelor’s degree in Computer Science, Electrical Engineering, or related field and 7+ years of applicable reverse engineering experience
  • Proven experience working in a vulnerability and security research team
  • Strong experience in implementing and utilizing static and dynamic analysis tools and interpreting results
  • Demonstrated understanding of common vulnerability & software weakness classes and MITRE frameworks
  • Familiarity with vulnerability standards and frameworks (such as OWASP IoT Top 10) and relevant security vulnerability lists, sites, and bulletins
  • Direct experience working closely with software engineers and stakeholders
  • Strong knowledge of embedded system architecture and development practices.
  • Experienced with several architectures such as ARM, MIPS, PPC, x86, and x64
  • Experienced with embedded operating systems such as embedded Linux, VxWorks, TI-RTOS, and other common real-time operating systems (RTOS).
  • Intimate familiarity and experience with disassemblers, debuggers, emulators and other reverse-engineering tools (Ghidra, IDA Pro, binwalk, GDB, QEMU, etc.).
  • Experience with programming and scripting languages, specifically C, Python and Bash, and automation of reverse engineering processes.

It’s highly preferred (but not required) that the candidate have experience with:

  • Experience working with or within a product security team
  • Product security experience
  • ML-based models
  • Threat Hunting
  • Networking concepts and the OSI network stack
  • AWS or similar cloud platform development
  • Experience on small, fast-moving teams
  • Strong attention-to-detail and high quality standards
  • Demonstrated ability to propose solutions to diverse problems
  • Strong communication and presentation skills
  • Ability to adjust priorities quickly as circumstances dictate
  • Ability to work independently and as part of a team
  • Demonstrated initiative, follow-up, and follow through with commitments

About Finite State

Built on two decades of cybersecurity experience serving the Fortune 50 and the U.S. Intelligence Community, our team of experts understands the hidden risks in today’s enterprise networks, where IoT vulnerabilities are quickly becoming the entry point of choice for cyber attacks.

Finite State gives cyber defenders a tactical advantage by identifying the devices running on the network and proactively analyzing firmware buried inside the IoT devices for hidden vulnerabilities. We have a sense of duty to protect the critical infrastructure we rely on including medical devices, power grids and telecommunication networks. We were founded in 2017 in Columbus, Ohio.

At Finite State, we are dedicated to hiring a diverse workforce and are proud to be an equal opportunity employer. We offer competitive salary, equity, full benefits (medical, dental, vision, disability and life-insurance), 401k plan and unlimited PTO, because we believe it is important to unplug and recharge.

Come help us solve one of the biggest problems in cyber security!

Finite State is an equal opportunity employer. In accordance with anti-discrimination law, it is the purpose of this policy to effectuate these principles and mandates. Finite State prohibits discrimination and harassment of any type and affords equal employment opportunities to employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law. Finite State conforms to the spirit as well as to the letter of all applicable laws and regulations.

Skills

Amazon Web Services
Embedded Operating Systems
Ghidra (Reverse Engineering Software)
Reverse Engineering