Your new adventure starts at a BlueWing portfolio company.

Staff Reverse Engineer



rosslyn, arlington, va, usa
Posted on Friday, April 14, 2023


Shift5 is seeking an experienced Staff Reverse Engineer to join our growing team. In this role, your primary responsibilities will be performing vulnerability research and exploit/cyber-attack development on operational technologies (OT) to support platform vulnerability assessments, customer-directed research, internal research, and to improve Shift5 core products. You will assess critical operational technology systems, reverse engineer their software and hardware, identify vulnerabilities, design exploits and attacks, build custom capabilities, and field your effects on live networks and platforms. You will play a crucial role in helping Shift5 defend critical national infrastructure, weapons platforms, and logistics by thinking like an attacker.

You will be a member of our Shift5 Research team and should be prepared to understand, reverse engineer, and find vulnerabilities in OT devices down to the hardware and firmware level. You should be quick and effective at deconstructing and understanding a firmware binary using a tool like Ghidra, IdaPro, etc. You should also have a strong understanding of C/C++ and other common embedded device programming languages, as well as embedded Real Time Operating Systems (RTOS) so that you fully understand the firmware/software functions of the device being researched. You should also be able to examine the hardware components of a device, identify chipsets, interpret datasheets, and extract firmware. Experience in reverse engineering either hardware or software is required.

You will be expected to build an understanding of how the platforms we work with operate to understand the impacts of cyber-physical attacks. You should be able to use documentation, raw data, and common reverse engineering techniques to produce a description of the message traffic on a serial data bus or a wireless protocol. Familiarity with serial data protocols such as MIL-STD-1553, CAN, ARINC 429, UART, SPI, I2C, etc. is preferred.

We’re looking for someone with an insatiable appetite for learning who frequently explores ways to make the impossible possible. Someone who embraces uncertainty, thrives in the unknown, and views incomplete information as an opportunity. You should have a passion for breaking things, believe no system is impenetrable, and trust we can keep others safe by identifying and overcoming weaknesses in critical systems. You must own what you build and understand the responsibility that comes with building tools that could cause damage to real systems and people’s lives. If this sounds like you, drop us a line because we’d love to start a conversation.

Shift5 is a rapidly growing data and cybersecurity scale-up. We specialize in capturing and analyzing serial bus data in real time, providing anomaly detection and operational intelligence required to act. Our insights provide real-time alerting and historical trends to assure mission readiness and cyber survivability, and our innovative technology enables military systems to deter adversaries, protect warfighters, and maintain their competitive edge. We are a collaborative, passionate and driven cadre of cyber security experts. Our engineers are multidisciplinary, and our team is dynamic. We’re a growing company focused on helping our customer’s fleets run smarter and safer by capitalizing on mountains of data resting right about the wheels. Come join us.

In this role you will be expected to:

  • Travel to customer sites on average 15-20% of the time.
  • Work in a hybrid model, local to Shift5 HQ in Rosslyn, VA.
  • Reverse engineer firmware/software binaries/hardware using the tools of your choice.
  • Reverse engineer serial data protocol traffic using Shift5 products and the tools of your choice.
  • Write code in C/C++ and/or Python to demonstrate your findings and build general OT red teaming tools.
  • Conduct system decompositions, vulnerability assessments, and penetration tests of OT platforms like planes, trains, and tanks.
  • Identify remote, proximal, and local cyber access vectors into platform networks, identify critical cyber components of the system, then build and demonstrate effective attacks against systems. Remote/proximal vectors may include RF datalinks such as UHF/VHF/SATCOM, and others like WiFi and Bluetooth so experience with RF and signal protocols is a plus.
  • Write reports to record your findings and convey them to the Program Manager for inclusion into a final report.
  • Effectively communicate both verbally and in writing, technical findings and concepts to internal stakeholders and customers.
  • Work with Cyber Threat Engineers to develop the rules, signatures, and heuristics for Shift5 cybersecurity products protecting OT systems and serial networks as part of a team.
  • Work with the Cyber Threat Analysts to understand the OT threat landscape and to collect pertinent data to project objectives.
  • Be flexible and ready to learn. You will receive a wide variety of work in support of more general Shift5 Research priorities. For example, you might be asked to develop a prototype software capability that decodes a proprietary serial protocol, review rules and heuristics to ensure proper cyber detection, provide an attacker’s perspective in a white paper, or provide a briefing to a senior leader about the technical implications of a vulnerability that you found.
  • Become a systems expert in one or more industries such as aviation, rail, weapons systems, maritime, space systems and others.
  • Work in a startup environment where your skills are exceptional, direction can shift, pace is expedient, and failure is not an option.

We're looking for someone who is/has:

  • Required:
    • Active US Government TS/SCI clearance.
    • BS or MS in Computer Science, Electrical Engineering, Computer Engineering, or equivalent.
    • Experience in reverse engineering software/firmware or hardware of complex embedded systems.
    • Experience in red teaming, vulnerability research, and cybersecurity.
    • Knowledge of processor architectures and reading and writing assembly languages
    • Experience with multiple programming languages like C/C++, Python, Java, Go, Rust, etc.
    • Expert proficiency in communication and network protocols, computer architecture, and binary analysis.
    • Experience with program analysis topics like dataflow analysis, compiler design, and symbolic execution.
    • Ability to efficiently multitask and accommodate change of priorities on-demand.
  • Preferred:
    • Experience in serial bus protocols like MIL-STD-1553, ARINC429, CANBus, etc.
    • Experience with avionics, rail systems, and weapons systems cybersecurity.
    • Knowledge of aviation and military standards like ARINC, RTCA, and others.
    • Proven ability to defeat security features or write exploits (e.g. published CVEs).

Compensation & Benefits:

  • Competitive salary and stock options in a fast-growing startup
  • Employer-paid medical, dental and vision coverage for employees and their families
  • Health Savings Account with annual employer contributions
  • 401k with employer contributions
  • Employer-paid Life Insurance
  • Uncapped paid time off policy
  • Flexible work & remote work policy
  • Tax-deferred public transit benefits with Metro SmartBenefits (DC/MD/VA)

We are committed to building an inclusive culture of belonging that embraces the diversity of our people and represents the communities in which we work and the customers we serve. We know the happiest and highest performing teams include people with diverse perspectives and ways of solving problems. We strive to attract and retain talent from all backgrounds and create workplaces where everyone feels empowered to bring their full, authentic selves to work.

Shift5 is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sexual orientation, gender identify, national origin, disability, age, marital status, ancestry, projected veteran status, or any other protected group or class.