Vulnerability Researcher (VR) / Software Reverse Engineers (SRE)

EMPLOYER: Communications Security Establishment (CSE)

JOB DESCRIPTION:


Reference #: R-220990

Closing Date

2022-07-03

 

For detailed information about our Compensation and Benefits, please visit this link:
Compensation.

 

 

In service of addressing the lack of gender diversity in our technical staff compared to the Canadian workforce availability, we are explicitly encouraging individuals who identify as women or non-binary to apply.

Note: If you identify as a woman or a non-binary individual and choose not to apply, please consider offering feedback to vrc@cse-cst.gc.ca so we can do better.

 

About the Job:

CSE is currently looking for vulnerability researchers (VR) and software reverse engineers (SRE), at the junior and intermediate levels (0-5 years of experience), to work in a research-focused environment that values teamwork, innovation, and collaboration. The ideal candidate will thrive in an open-minded, respectful and flexible environment, and value the different perspectives and experiences of others.

A successful candidate will additionally possess a high degree of tenacity, ingenuity and autonomy and a strong desire to learn. We are looking for candidates who have a solid understanding of and technical experience in computer architectures and operating systems, have knowledge of various aspects of the field of cybersecurity including software reverse engineering, and have proficiency in one or more programming languages ranging from assembly, C, C++, Java, JavaScript, Python and Bash.

 

Typical duties include:

Research computer security vulnerabilities using techniques such as:

- Source code audits.

- Reverse engineering of software programs or components.

- Use debuggers and other tooling to conduct dynamic analysis.

- Develop and optimize research tooling such as fuzz testing software.

- Identify the root cause of program crashes.

Validate vulnerabilities by developing proof-of-concept demonstrations.

Provide advice and guidance on vulnerability mitigations for affected systems.

Apply innovative thinking and modern computer engineering principles to solve complex problems.

Develop tools and systems to aid in the delivery of VR/SRE services.

Participate in and manage vulnerability research projects.

Generate documentation and reports on research activities and findings.

Collaborate with other Government of Canada (GC) departments, international partners and other CSE divisions to promote the exchange of expertise.

 

Salary Range:

UNMA-08: $99,861 - $115,504 per year

UNMA-07: $91,585 - $106,240 per year

UNMA-06 (Underfill): $80,746 - $93,951 per year

 

Location:

All jobs are in Ottawa, Ontario. Flexible work arrangements, including telework for a portion of the work week, may be possible. For more information on location, please visit the following link: https://www.cse-cst.gc.ca/en/culture-and-community/life-cse/where-we-work.  CSE locations meet current accessibility standards.

 

Language Requirements:

English Essential

 

Area of selection:

Open to Canadian citizens.

 

Required Qualifications

You must clearly demonstrate in your application how you meet these required qualifications:

 

Education

You must have either one of the following:

A University degree* or College diploma* in Computer Science, Computer/Electrical Engineering or related field;

-OR-

Applicants without a computer science related education but who have equivalent experience are encouraged to apply.

*The educational program must be recognized in Canada and you must be able to provide proof of education credentials. Students graduating within the next twelve (12) months are eligible to apply.

 

Experience (for UNMA-07)

Recent* programming experience with at least one widely used language such as Assembly, C, C++, Python, JavaScript.

Recent* experience in at least one of the following disciplines: software reverse engineering, vulnerability research, computer architectures, application development, and secure software development.

 

Experience (for UNMA-08)

Recent* and significant** programming experience with at least one widely used language such as Assembly, C, C++, Python, JavaScript.

Recent* and significant** experience in at least one of the following disciplines: software reverse engineering, vulnerability research, computer architectures, application development, and secure software development.

 

* Recent experience means the candidate has performed this task on an on-going basis as part of their main duties within the last 5 years.

**Significant refers to the depth and breadth of a minimum of 5 years of experience normally achieved through the performance of duties on a regular and continuous basis; also demonstrates drive, autonomy and independence.

 

Competencies

The hiring process will involve a detailed evaluation of the candidate’s level of skill in technical, behavioral and leadership competencies relevant to Vulnerability Researchers. For purposes of transparency, the following is the list of skills the candidate will be evaluated against. Note that these are broad categories and are shared with other job profiles at CSE.

 

Technical competencies

Vulnerability Analysis and Exploitation: Assess systems and/or networks against known threats and vulnerabilities.

Knowledge of Software Reverse Engineering: Knowledge of the practice, techniques, theory, and tools of software reverse engineering (SRE).

Secure Software Assessment: Ability to test, analyze, evaluate and verify the security of software and/or firmware.

Application Development: Ability to design, build, enhance and support software on one or more platforms.

 

Behavioral competencies

Cognitive Thinking Skills: Responding to challenges with innovative solutions, products, or services by questioning conventional means, using intuition, experimentation and fresh perspectives; understanding, analyzing, synthesizing and relating complex information and abstract variables.

Working in a Team: Demonstrating effective interpersonal skills & working cooperatively and effectively within and across organizational units to achieve common goals.

 

Leadership competencies

Change and Innovation: Create a culture where flexibility & openness to new ideas are encouraged. Lead transformation with courage and conviction.

Collaboration: Build relationships with traditional and non-traditional partners & stakeholders to develop solutions that reflect the interests of the organization.

Integrity, Respect & Awareness: Create & promote a culture of integrity, transparency, fairness & respect. Recognize one’s own areas of personal & professional strength as well as areas for development & commit to continuous learning to enhance self-awareness.

 

Asset Qualifications

Assets are “nice-to-have” expertise and competencies we’re interested in. If you’re excited about what we do and working with us but are not sure you’re 100% there yet, please don’t let that stop you from applying.

 

If applicable, please demonstrate in your application any specialized expertise that applies to you, as it will be used to determine which team you could best complement within CSE.

 

Asset Experience or Knowledge

As the work of a Vulnerability Researcher is varied and draws upon diverse disciplines, we recognize many types of knowledge and experience as a potential asset for the job. Please consider highlighting in your application any specialized expertise that may apply, to aid in our assessment of your suitability for the position.

 

Knowledge or experience in one or more of the following fields will be considered an asset:

Source code auditing / secure coding practices

Software Reverse Engineering

Experience in multiple languages, such as Assembly (x86, x86_64, ARM, MIPS) / C / C++ / Python / JavaScript programming

Operating system knowledge and/or driver development (Windows, Linux, Android, iOS)

Use or development of VR tools such as fuzzers (fuzz testing)

Publicly attributed responsible vulnerability disclosures

Participation in Capture-The-Flag (CTF) events

Computer forensics and/or malware analysis

Use of virtualization environments (hypervisors, containers, emulators)

Network protocol analysis

High-performance computing

Data science and machine learning

 

Asset Language

In an effort to foster the full recognition and use of both English and French in Canadian society, supporting Part VII of the Official Languages Act, preference may be given to candidates who are currently bilingual in both official languages at a proficiency of BBB or above.  Please ensure to highlight in your application if you are bilingual in both official languages or if you possess valid Second Language Evaluation (SLE) results.  For additional information regarding what a proficiency level of BBB or above means, please click here.

 

Additional Details

The level of competence demonstrated in the various assessments will be used to determine your qualifications for the UNMA-07 or UNMA-08 level.

 

You will typically be hired into entry-level positions, though exceptions can be made based on the level of experience and competency you demonstrate during the selection process.

 

If you do not meet all technical competencies, you could be considered for an underfill appointment at UNMA-06. If, during the assessment phase of the selection process, a candidate has not demonstrated the required proficiency level for some of the technical competencies of the position but has demonstrated the potential to develop those competencies through specified training and/or development, an underfill appointment could be considered. The candidate would be appointed at one level lower than the substantive level of the position, and an individual development plan will be established, depending on your qualifications and experience.

 

Application Process

Who Can Apply - Area of Selection 

You must be a Canadian citizen, be eligible for a Top-Secret security clearance and be willing to comply with CSE’s own security policies and standards.

 

Security Requirements 

You must have no criminal record. The screening process involves the following:  

security interview 

polygraph test 

psychological assessment 

background investigation covering a minimum of your last 10 years history, including credit and financial verifications. 

 

How to Apply 

Apply on-line: https://gcerp.wd10.myworkdayjobs.com/en-US/External/job/National-Capital-Region-NCR/Vulnerability-Researcher--VR----Software-Reverse-Engineers--SRE-_R-220990?

If you cannot apply online or have a disability preventing you from applying online, please inform us by contacting careers-carrieres@cse-cst.gc.ca prior to the closing date of this selection process. CSE offers an assessment process that will accommodate any reasonable measures required to enable you to be assessed in a fair and equitable manner. Those measures are available to all candidates for further assessment. Related information received will be addressed confidentially. If you need such accommodation, please advise us. 

 

What to Expect  

The process will be conducted in the official language of your choice. A written test will be administered to candidates who successfully pass the application review. It will be used as a screening tool. Make sure to check your spam/junk mailbox regularly for notification of the test. Interview(s) will follow for candidates who are successful on the written test. References (2 supervisors) will be requested from candidates who successfully complete the interview stage. Candidates will be required to complete the security assessment. More information regarding this process can be found on CSE's website.

 

The entire selection process – written test, interviews, reference check, security investigation – may take more than one year to complete.  If you are deemed to be unsuccessful in the assessment process for this particular selection process, you may reapply in twelve (12) months. 

 

Appointments

Determinate and indeterminate appointments will be used to staff positions of permanent or temporary tenures within CSE. All appointments have a one (1) year probation period.

 

Operational Requirements

Overtime and standby duty may be required.

 

CSE Employment

CSE is a separate organization and is not subject to the Public Service Employment Act (PSEA). The organization has its own values-based staffing regime and as such, has the flexibility to determine qualifications for positions and how these qualifications will be assessed in a selection process.

CSE is an Equal Opportunity Employer. We are committed to a diverse and representative workforce, an open and inclusive work environment and we encourage candidates to self-declare as members of the following designated employment equity groups: women, Aboriginal peoples, persons with disabilities (including learning disabilities, developmental disabilities and all other types of disabilities), and members of visible minority groups.

 

Training and Development

At CSE, we are proud to offer an inclusive and supportive working environment that encourages open minds and attitudes. As an organization that values and nurtures talent, we are committed to helping you fulfill your potential. With comprehensive training and development opportunities, tailored to your needs and the requirements of your work, we will enable you to flourish in your role and perform to the best of your abilities.

 

COVID-19 Vaccination Requirement

On October 6, 2021, the Government of Canada announced details of its plans to require vaccination across the federal public service.

As per CSE’s Policy, federal public servants working at CSE must attest to their vaccination status. The requirement for employees to be fully vaccinated applies whether they are teleworking, working remotely or working on-site.  This is a condition of employment, and it applies to indeterminate (permanent), determinate (term), casual, and student hiring.  Should you reach the point in the selection process where it is necessary to verify terms and conditions of employment then the hiring manager or a human resources representative will contact you in order to complete an attestation.

 

We thank all candidates for their interest in CSE. However, only those selected for further consideration will be contacted.


START DATE: 06/01/2023

