Please paste the following URL into a browser to view the entire job posting in the CAPPS Career Section: https://capps.taleo.net/careersection/ex/jobdetail.ftljob=00058375
You may apply to the job directly through the CAPPS Career Section. It is not necessary to apply through both Work In Texas and the CAPPS Career Section.

How to Apply
Select the link below to search for this position: https://capps.taleo.net/careersection/371/jobsearch.ftllang=en
Enter the job posting number “ ” in the keyword search.
You must create a CAPPS Career Section candidate profile or be logged in to apply.
Update your profile and apply for the job by navigating through the pages and steps.
Once ready, select “Submit” on the “Review and Submit” page.
If you have problems accessing the CAPPS Career Section, please follow the instructions in the Resetting CAPPS Password for Job Candidate desk aid.

TXCC is seeking a Technical Exploitation Engineer (Reverse Engineer / Vulnerability Researcher) to perform highly advanced (senior-level) cybersecurity analysis, serving as a technical expert supporting the Cyber Threat Intelligence Center’s investigations and adversary capability efforts. Working under minimal supervision with extensive latitude for independent judgment, the role analyzes exploits, malware, and adversary tooling; identifies vulnerabilities and recurring technical dependencies; and converts analyst signals and incident artifacts into actionable technical insight. Responsibilities include developing and evaluating security measures to protect systems and infrastructure, conducting vulnerability and software security analysis, and producing technical findings that support detection, incident response, threat assessment, and platform hardening.

Essential Job Duties

Reverse Engineering and Exploitation Research
Performs highly advanced technical analysis of malicious software, adversary tooling, and exploit mechanisms to determine functionality, capability, and operational use. Identifies vulnerabilities, exploit chains, and recurring technical dependencies across software, hardware, and platform configurations relevant to agency systems and critical infrastructure. Conducts exploit capture and technical collection activities, including coordination with internal teams, vendors, and external partners. Applies low-level systems knowledge to analyze binaries, memory artifacts, and system behaviors to support discovery of previously unknown or unconfirmed exploitation activity.

Threat and Vulnerability Analysis
Analyzes cybersecurity threats, adversary tradecraft, and platform weaknesses to identify exploit-enabling conditions, trust boundary failures, and operational dependencies. Hunts for evidence of exploitation across operational telemetry—including logs, endpoint data, and memory artifacts—distinguishing malicious activity from benign system behavior at scale. Performs vulnerability assessments and technical risk analyses of systems, configurations, and access controls to identify weaknesses and recommend mitigation strategies. Researches and evaluates threat indicators and behaviors to support the prevention, detection, containment, and remediation of cybersecurity threats.

Detection, Hardening, and Technical Output Development
Develops and implements technical outputs that support cybersecurity operations, including detection content, exploit signatures, and analytic artifacts. Produces clear, actionable technical documentation and findings for internal stakeholders, leadership, and external partners to support incident response, threat assessment, and coordinated remediation efforts. Recommends and supports the implementation of security measures and system safeguards to protect information systems and data from unauthorized access, modification, or destruction. Contributes to the development and execution of system security plans and automated security compliance capabilities.

Operational Support, Collaboration, and Capability Development
Provides advanced technical support to analysts and operators during active cybersecurity investigations, including artifact analysis, capability assessment, and development of attribution-relevant findings. Performs incident detection, analysis, and forensic investigation activities, including the recovery and examination of data from information systems and devices. Monitors and analyzes cybersecurity alerts and system activity to identify and respond to potential threats. Applies artificial intelligence and advanced analytic tools to enhance technical workflows, exercising sound judgment to validate outputs. Maintains documentation of tools, techniques, and findings to support knowledge transfer, continuity of operations, and the onboarding of technical staff.

Qualifications:

Minimum Qualifications
Five (5) years of experience in reverse engineering, vulnerability research, exploit development, or a closely related deep technical discipline.
Demonstrated experience performing low-level technical analysis of malware, adversary tooling, and system artifacts (e.g., binaries, memory, crash data, telemetry) to identify and validate exploitation activity.
Working knowledge of one or more processor architectures (e.g., x86/x64, ARM) at the instruction level.
Proficiency in at least one systems programming language and one scripting language commonly used in technical analysis.
Demonstrated ability to identify vulnerability classes, assess exploitability, and produce clear, actionable technical documentation for technical and analytic audiences.
Practical experience using AI-assisted tools to support technical analysis workflows, with the ability to evaluate output accuracy and reliability.

Preferred Qualifications
Experience:
Working in cyber threat intelligence, threat hunting, incident response, or security operations environments, including support to active investigations.
Analyzing adversary tooling associated with state-affiliated programs (e.g., China, Russia, Iran, DPRK).
Experience with embedded systems, firmware analysis, industrial control systems (ICS), or other specialized computing environments.
Identifying vulnerabilities in cloud platforms, identity systems, or widely deployed enterprise software, including familiarity with cross-cloud architectures and security considerations.
Developing exploits for offensive or research-focused cybersecurity operations.
Standing up or operating malware analysis infrastructure, sandboxing environments, or exploit research tooling.
Familiarity with CTI platforms, data standards (e.g., STIX/TAXII), and detection languages (e.g., YARA, Sigma) used in intelligence and security operations workflows.
Working with SIEM, log aggregation, or large-scale telemetry platforms in operational environments.
Engaging with software or hardware vendors on vulnerability disclosure or coordinated remediation.
Demonstrated public technical contributions (e.g., CVEs, conference presentations, published research, or open-source tooling).
Integrating AI/LLM APIs into production workflows, including prompt design, evaluation, and performance or cost considerations.
Involvement in government, critical infrastructure, or other environments with elevated security and data handling requirements.
Licensure:
GIAC Reverse Engineering Malware (GREM),
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN),
Offensive Security Exploit Developer (OSED), and/or
GIAC Certified Incident Handler (GCIH)

Knowledge, Skills, and Abilities
Knowledge of cybersecurity principles, including adversary tradecraft, exploitation techniques, vulnerability classes, and incident response practices.
Knowledge of computer systems, networks, operating systems