Vulnerability Research Engineer – Mid-Level

Vulnerability Research Engineer – Mid-Level

Location: Northern Virginia
Travel: None
Clearance: Minimum active Top Secret/Active TS/SCI with Polygraph preferred (or willingness to obtain)
Citizenship: US Citizenship required

About Grimm

Grimm is an innovative, forward-looking cybersecurity organization focused on solving complex technical challenges across hardware, firmware, and software systems. Our teams specialize in reverse engineering, vulnerability research, and security engineering, supporting mission-critical efforts across national security, defense, and critical infrastructure sectors.

Our work is rooted in real-world operational experience identifying advanced threats, uncovering critical vulnerabilities, and developing meaningful solutions to complex problems. Grimm engineers operate across embedded systems, vehicles, IoT, and enterprise technologies, with a focus on understanding systems deeply and demonstrating real-world impact.

We are a highly technical and hands-on organization. Our engineers and researchers specialize in breaking systems, discovering vulnerabilities, and improving resilience—working directly with real hardware and software to understand how systems function and how they fail.

About the Role

Grimm is seeking a Mid-Level Vulnerability Research Engineer to support mission-focused offensive cyber and vulnerability research efforts.

This role is centered on vulnerability research, reverse engineering, exploit development, and low-level software analysis across modern operating systems and platforms. You'll work directly with software systems, embedded technologies, browsers, operating systems, and adversary technologies to identify vulnerabilities and develop technical capabilities in support of national security missions.

We're looking for individuals who are deeply curious, technically driven, and enjoy working at the lowest levels of systems—people who are passionate about understanding how systems function internally and how they can be analyzed, manipulated, or exploited.

What You'll Do

• Conduct vulnerability research against modern software and embedded platforms
• Perform reverse engineering and low-level analysis of binaries and source code
• Research and exploit vulnerabilities in adversary technologies
• Develop offensive software capabilities and supporting tooling
• Support capability integration, testing, and lifecycle maintenance activities
• Conduct technology research and vulnerability assessments
• Develop algorithms and software utilities supporting mission requirements
• Analyze low-level operating system behavior across multiple platforms
• Support software integration and full system testing activities
• Develop technical documentation and communicate technical findings clearly
• Collaborate with cross-functional engineering and research teams

Required Qualifications

• Minimum 5+ years of relevant hands-on experience in vulnerability research, reverse engineering, exploit development, or offensive cyber operations
• Strong JavaScript development experience
• Experience with ARM / AARCH64 assembly development and C programming
• Understanding of exploit mitigations such as:
  • ASLR
  • DEP
  • PXN
  • ROP
• Knowledge of:
  • V8
  • JIT
  • WebKit
• Low-level operating systems experience with one or more of the following:
  • Android
  • iOS
  • Windows
  • macOS
  • Linux
• Proficiency with reverse engineering tools such as:
  • IDA Pro
  • Binary Ninja
  • Ghidra
• Experience with networking development and protocol analysis
• Demonstrated experience with:
  • Software integration and testing
  • Technical writing and documentation
  • Lifecycle maintenance of software programs
• Proven experience writing scripts and software utilities
• Must be a US Citizen

Preferred / Nice to Have

• Expertise in vulnerability research and offensive capability development
• Experience supporting:
  • Government contracting
  • DoD programs
  • Intelligence Community customers
• Proposal development experience
• Active TS/SCI clearance with Polygraph
• Experience managing multiple classified interdisciplinary efforts concurrently
• Leadership experience supporting:
  • Military operations
  • Defense acquisition programs
• Strong verbal and written communication skills, including presenting technical analysis to senior government leadership
• Experience testing across the full software development lifecycle, including:
  • Test plans
  • Test cases
  • Test procedures
• Experience developing offensive tooling and research utilities
• Experience with mobile, browser, or embedded platform exploitation
• Bachelor's degree in a technical discipline

Benefits

Grimm offers a comprehensive benefits package that includes medical, dental, and vision coverage, life and disability insurance, retirement benefits, paid leave, and opportunities for tuition assistance and ongoing professional development.

Why Grimm

You'll be working alongside highly specialized engineers and researchers tackling challenging problems in vulnerability research, reverse engineering, and offensive cyber capability development. Our work directly supports national security missions and requires a high level of technical ownership, creativity, and precision.

If you enjoy digging into complex systems, uncovering vulnerabilities, building capabilities, and pushing your technical skills further, you'll find this environment both challenging and rewarding.

Physical Requirements

• Prolonged periods sitting at a desk and working on a computer
• Must be able to lift up to 15 pounds at times

Equal Opportunity Employer

Grimm is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, sexual orientation, and gender identity), national origin, age, disability, genetic information, veteran status, or any other characteristic protected by applicable federal, state, or local laws.