iOS Security Engineer

Location: Washington, DC, United States
Date Posted: 10-25-2017
iOS Security Engineer  
Remote – Work from Home (WFH)
6-12 Month Contract (possible extension)
Part-Time
 
ATSG Corporation prides itself on our proven dedication to providing expert assistance to our government partners—without any surprises. We work hard to honor our commitment to our clients while ensuring our employees feel secure and empowered in their work. We take excellent care of our team so they may have the freedom and confidence to focus on their missions and provide nothing but the best output on the work site and at home.
The company provides a variety of services within the Intelligence Community. Our products may be diverse but the results are one and the same—on schedule, on budget, and completed with superior quality. We are experienced in areas such as Mobility, Enterprise Architecture, Data Processing, Law Enforcement Mission Support, and Acquisition Support. As an organization, we are consistently expanding our footprint in the contracting community.
 
Apple iOS Vulnerability Researcher will analyze mobile devices to understand how they work and how they behave when they break. Candidates must be proficient with binary analysis techniques and familiar with vulnerability types such as heap corruption, use after free, and buffer overflows.
 
REQUIRED EXPERIENCE AND QUALIFICATIONS:
  • 1-3 years’ experience iOS Target
  • Experience with Objective C, C++ or Swift
  • Proficient with static and dynamic binary analysis techniques
  • Familiar with software vulnerabilities
  • Knowledge of iOS security components (entitlements, sandboxing, code signing)
  • Experience reading or writing ARM assembly
  • Understanding of network protocols (TCP/IP stacks, RF communications, routing protocols, or others).
  • Understanding of exploit mitigations such as DEP and ASLR
  • Experience using reverse engineering tools such as IDA Pro, Joker, or otool
  • Experience using IDEs and complier such as Xcode and clang
  • Experience using debuggers such an lldb, or Hopper
  • Knowledge of Apple’s kernel subsystems (Mach, BSD)
  • Knowledge of Apple’s userspace design (Mach Messaging, framework, shared cache)
  • Knowledge of iOS Jailbreaks
  • Knowledge of iOS Secure Boot Chain
  • Knowledge of ARMv8 64-bit
 
PROJECT TASKS:
  • Research existing static and dynamic tools for iOS and document positive and negative points as to why the tools are selected
  • Static analysis of code and binary.  Information needed is metadata about the app (name, package name, version, etc), static info like classes, methods, libraries, files, internal and external packages, native code, dynamic code, reflection, etc.
  • Dynamic analysis to include installation, cleanup, files written, logs, ips, ports, protocols, encryption, random number generation, cryptography, etc.
  • Analysis around entitlements, sandboxing, code signing, ARM assembly, understanding of network protocols (TCP/IP stacks, RF communications, routing protocols, or others), understanding of exploit mitigations such as DEP and ASLR, Apple’s user space design (Mach Messaging, framework, shared cache), and iOS Secure Boot Chain
  • NIAP analysis for iOS
 
PROJECT TIMELINE/COMMITMENT:
  • 10-15 hrs/week for 6 months
 
EXPECTED DELIVERABLES:
  • Tool analysis with positives and negatives
  • Tool setup instructions for selected tools
  • Tool parsers to JSON dictionary format
  • Data dictionary for both static and dynamic attributes
  • Threat vector analysis and definition for iOS including what attributes can be used in a Bayesian network to calculate riskiness.
  • Business rules for each of the NIAP criteria.
 
*Candidates are encouraged to submit a .doc or .docx resume that explicitly addresses each of the requirements listed above. 
 
As an Equal Opportunity Employer, our applicants and employees are protected from discrimination. Visit http://bit.ly/FederalEEO for more information.
 
Equal access to programs, services and employment is available to all persons. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Recruiting Team.
 
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals on the basis of protected veteran status or disability, and require affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified protected veterans and individuals with disabilities.
To comply with Federal law, ATSG Corporation participates in E-Verify.  Successful candidates must pass the E-Verify process after hire. 
 
We respectfully request not to be contacted by recruiters and/or staffing agencies.
 
 
 
or
this job portal is powered by CATS