Vulnerability Research Intern Jobs (NOW HIRING)

Riverside Overview

Riverside Research is an independent National Security Nonprofit dedicated to research and development in the national interest. We provide high-end technical services, research and development, and prototype solutions to some of the country’s most challenging technical problems. All Riverside Research opportunities require U.S. Citizenship.

Position Overview

For better or worse, there is almost no facet of our modern world that works without a computer system. Virtually all of those computer systems rely on “systems software” to manage distinct tasks and bridge the gap between hardware and higher-level software. Whether it is an embedded system using tightly-coupled FPGA fabric to offload performance- or security-critical tasks or a server using a hypervisor to manage co-resident guests, there is low-level code making sure that higher-level code can see a sane and well-ordered world. That lower-level code is full of complexity as it works to bridge the gap from the realities of diverse hardware ISAs to higher-level abstractions. It is also foundational to the security story of all of our systems. At Riverside Research, the Secure and Resilient Systems group works to strengthen that code to provide our customers with secure foundations for their mission-critical software stacks. This is essential to getting ahead of the attacker rather than playing whack-a-mole with bug fixes.

Riverside Research is seeking a cyber security research intern to support research and development of cutting-edge systems security technologies. As a key member of our Secure and Resilient Systems team, the researcher will prototype new features in a variety of disciplines ranging from offensive cyber vulnerability and exploitation assessment to implementing new security features in any level of the software stack. Strong fundamentals in software development practices for large projects (version control, debugging techniques, etc) and an understanding of the system software stack and the software/hardware interface will be critical for efficiently designing and prototyping dramatic features that advance the state of the art in cybersecurity.

The researcher will contribute to a diverse team responsible for developing offensive and defensive security features. They will be expected to prototype and push both code and accompanying documentation/design documents. Additionally, they will engage in the research process by assisting the team to design solutions to new challenges, break big problems into subtasks, implement features, and evaluate the resulting prototypes. All members of our group are expected to develop the writing skills necessary to communicate their ideas and results to internal and external stakeholders.

The research scientist should have experience in C/C++, at least one assembly language, Python, and, for bonus points, Rust. A good candidate should be able to explain why BOTH C and Rust are on this list and why Python is on this list (even though no system software is written in Python). An ideal candidate for this position would have experience writing code that interacts directly hardware and be able to explain the challenges of working at the software/hardware interface and how they’ve overcome those challenges in the past.

Responsibilities

• Help the group design innovative offensively driven security solutions to customer problems related to systems software
• Build new tools and/or capabilities in languages like C/C++, Python, Rust, Assembly, etc.
• Contribute to whitepapers and/or published papers that document innovative work performed.
• Document and communicate design decisions, technical challenges, and progress to technical program management
• Collaborate with team members on debugging programs, pair programming, reviewing papers/proposals, etc.
• Participate in relevant internal and customer meetings

Qualifications

• Bachelor's degree, preferred in related technical field, such as computer science, computer engineering, electrical engineering, or cybersecurity and a minimum of 2 years of experience
• Strong software development fundamentals for working inside a large project (e.g., submitting PRs, interacting with open-source communities and mailing lists, git branches/merges/rebasing, build systems, etc)
• Must be eligible to obtain a Top Secret security clearance.
• Communication and creative skills to develop, prototype, benchmark, and document significant security features integrated into existing systems security technologies
• Proficiency in programming languages C/C++, Python, and Assembly (e.g., x86-64, ARM)

Global Comp

$40.00 - hour This represents the typical compensation range for this position based on experience, location and other factors.

Closing Statement

Riverside Research Institute is a not-for-profit, technology-oriented defense company, where service to our customers and support of our staff is our overall mission. Riverside is an affirmative action-equal opportunity employer and complies with all applicable federal, state, and local laws regarding recruitment and hiring. Riverside offers comprehensive compensation and benefit packages to our employees. Riverside bases its employment decisions solely on technical experience, qualifications and other job-related criteria related to our organizational purpose as a not-for-profit company, and without regard to race, color, religion, age, sex marital status, sexual orientation, national origin, physical or mental disability, veteran’s status or any other status legally protected by applicable federal, state, and local law.