Senior Firmware Reverse Engineer, CNO

Company: Legion X
Location: Arlington, VA, 22201
Posted: April 30, 2025

Description:

The Company

Legion X is a services company headquartered in Arlington, VA that develops on-demand, custom cyber solutions through applied research, prototyping, and engineering services. We are a small, tight-knit company built and run by engineers who pursue the most interesting and impactful cyber vulnerability research we can find. We take on tasks like vulnerability assessments, exploit development, cyber vulnerability research, penetration tests, firmware reverse engineering, hardware reverse engineering, customized test rigs, capability development, and CNO support for both government and commercial customers. Our vision is to be the premier cyber vulnerability research and red team outfit in the nation.

We are a small, new company embracing what we believe to be the best and most efficient ways of working in the modern era of cybersecurity. That means freedom and flexibility but also responsibility. If you are self-motivated, battle tested, and driven to understand a system so you can exploit it, then we encourage you to apply. We are looking for experts and excellent human beings we want to work with for a long time, and are willing to explore equity options for applicants so that the best come, stay, and hack together.

The Role

You are applying for the role of Senior Firmware Reverse Engineer, CNO. The role is a technical individual performer with lots of room for advancement to building teams, leading teams, and running the company as Legion X grows (if that is what you desire; there is no requirement to ever move to management). A Senior Reverse Engineer, CNO is an experienced firmware reverse engineer who can analyze the functionality of a binary with little to no help or outside input. You will be expected to receive and execute tasks from engineering supervisors, analyze binary files that use a variety of processor architectures (e.g. x86, ARM, PowerPC, etc.), use popular reverse engineering tools like Ghidra, IDA Pro, etc., identify vulnerabilities in reverse engineered code (e.g. buffer overflows, weak protocol implementation, etc.), communicate the details of those vulnerabilities verbally and in writing, build proof-of-concept demonstrations of the vulnerabilities, and employ best practice techniques per customer requirements. You will be focused on firmware found in operational technology platforms like drones, planes, industrial facilities, cars, ships, and even weapon systems. For this position, you must be a US citizen who is TOP SECRET clearance eligible.

In practical terms, if we gave you a computerized component of a car and a copy of the firmware binary running on it, could you identify and technically describe its cyber vulnerabilities? Could you build a tool that demonstrates one of those vulnerabilities?

Application Requirements

Before you apply, make sure you meet these requirements or you will be rejected:

US Citizen with TOP SECRET clearance eligibility

Experience and skillset aligned with the role (firmware reverse engineering experience and skills; cyber vulnerability research skills; protocol analysis skills; communication skills; self-motivation and drive; clear interest in the work)

We do not have Certification or Degree requirements for this position -- your skill alone sets you apart

Willingness to do at least one oral technical interview (1 hour long) over a virtual conferencing solution (like Zoom) in the period of 9am - 6pm Eastern. We can possibly accommodate other times if you ask.

There are also preferred skills and attributes that will strengthen your application:

C/C++ programming experience

CNO experience

Hands-on hardware experience

RF experience

Firmware programming experience

Willingness to work on-site for short periods (1-3 days) at various customer sites around the Northern Virginia/DC/Maryland region.

Understand that the best applicants will be both strong technical and strong cultural fits.

Compensation

We are a small company yet we strive to compensate every employee as best we can. We manage to offer low-to-no deductible healthcare, competitive salaries, equity options, profit-sharing options, retirement benefits, fitness/gym benefits, a hardware/home office stipend, security clearances, holidays, PTO, and a firm belief in work-life balance. We also accept good ideas and are open to hearing exactly what compensates you best.

Non-Discrimination

We will not discriminate based on race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, disability, age or genetic information (including family medical history) per federal law and our beliefs as a company. We base our hiring decisions on whether you are the best fit for the job and customer requirements. But don't expect everyone to agree with your values when you arrive -- we expect that the best employees will come from a variety of different backgrounds and identities, but share one goal. We don't believe it is our company's job to tell you who you are or what you should value, but we do hope Legion X can be a place where you are open to share exactly who you are and what you believe, yet still find a team of other excellent people ready to work alongside you and get to know you better.