Research Scientist - Parser Security Location US-OH-Beavercreek ID 2024-3266 Category Research & Development Position Type Full Time Salary Riverside Overview Riverside Research is an independent National Security Nonprofit dedicated to research and development in the national interest. We provide high-end technical services, research and development, and prototype solutions to some of the country's most challenging technical problems. All Riverside Research opportunities require U.S. Citizenship. Position Overview Input handling is an unavoidable part of any system implmentation. Often this requires parsing that input to ensure it fits within a buffer, is of the correct type, and fits to the desired format. Yet, parser security is an often overlooked aspect of cybersecurity in both legacy and modern applications. Many historical bugs can be attributed to flaws within the implementation of a system's parser. With effort, we can secure many systems from abhorrent bugs by following best practices when it comes to developing secure parsers for input handling. Riverside Research's Secure and Resilient Systems group is working to change the way in which we think about parser security. By applying state-of-the-art parsing methodologies, we can create a more secure cyberspace without needing to worry about niche edge-case input vulnerabilities. Riverside Research is seeking a dynamic and growth focused junior-level research scientist to support research and development of bleeding-edge parser security technologies. As a key member of our Secure and Resilient Systems team, the research scientist will interface with government research organizations (e.g. DARPA, IARPA, service labs, etc.), work on existing R&D contracts, and develop bleeding-edge technologies for transition to the warfighter. The research scientist will interface with team members across Riverside Research locations. The research scientist will contribute to a diverse team responsible for developing security technologies in a variety of DoD systems. They will get hands-on experience working towards and developing secure parsers in the interest of DoD partners. They will develop software and systems that use new and existing technologies in areas that these technologies may have never been applied to. They will also contribute to technical writing in their research area. The research scientist should hands on experience in C/C++ and Python, as well as a strong understanding of the pitfalls of improper input handling. They should be able to think creatively to express why vulnerabilities such as Heartbleed can be classified as parser vulnerabilities. Responsibilities Help the group design innovate parser and data protocol capabiltiies Assist in utilizing created and existing tools for DoD use cases Build new tools and/or capabilities in languages like C/C++, Python, etc. Contribute to whitepapers and/or publish papers that document innovative work performed Collaborate with team members on debugging programs, designing systems, reviewing papers, etc. Participate in relevant internal and customer meetings Qualifications Required: Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, or Cybersecurity and 2 years of relevant experience A deep technical understanding of cybersecurity problems and solutions Proficiency in programming languages C/C++ and Python Experience with version control (Git) Knowledge on data formats and an interest in exploring what makes a secure data format Knowledge of networking protocols Experience with secure input handling Must be eligible to optain a Top Secret security clearance Self-driven, strong analytic, inferencing, critical thinking, and