Galois seeks an experienced Red Team Lead with red teaming and/or CTF experience against purportedly secure systems that include custom hardware to play a pivotal role in fulfilling our mission to make trustworthy critical systems.
Galois is building an open source high-assurance voting system running on novel hardware. This project focuses on the design, development, and evaluation of secure CPUs/SoCs using the RISC-V ISA and running on high-end FPGAs. Our client has tasked Galois with creating a high-profile voting system demonstrator for this secure hardware and publicly red-teaming that demonstrator for nearly two years. The kick-off of that red team exercise will be a major public event at the DEF CON 27 Voting Village in Las Vegas in August 2019, where a minimal version of the voting system will be demonstrated and red teamed. After DEF CON 27, while we extend the capabilities of the voting system, we will run a continuous red team exercise with universities and the public. DEF CON 28 in 2020 will demonstrate and red team the complete voting system.
The role will be responsible for the strategic and tactical direction of a small team dedicated to red team activities. The team is responsible for developing threat simulation services, threat research, structured attack development, vulnerability research and exploit development/testing, scripting and controlled exploitation of hardware and software vulnerabilities. The scope of the position also requires understanding a complex cyber-physical system architecture to develop a precise threat model, red teaming framing, and win conditions for both DEF CON exercises.
At a minimum, successful candidates have:
● Bachelor’s degree in computer science or computer engineering or equivalent hands-on industry experience
● In-depth understanding of Red Team activities
● Demonstrated experience red teaming and penetration testing
● Experience developing custom software (possibly even hardware) tools to assist in performing reverse engineering and vulnerability analysis
● Scripting/coding experience to prepare attack code
● Experience with security attack simulation tools
● Hands-on assessment experience
Preference will be given to candidates with:
● Experience in formal methods and software assurance
● Familiarity with cryptographic protocols, especially end-to-end verifiable (E2E-V) protocols
● Deep understanding of Voting System requirements and E2E-V architecture
Galois develops technology to guarantee the trustworthiness of systems where failure is unacceptable. We apply cutting edge computer science and mathematics to advance the state of the art in software and hardware trustworthiness.
Engineers work in small team settings and must successfully interact with clients, partners, and other employees in a highly cooperative, collaborative, and intellectually challenging environment.
At Galois, we maintain a unique organizational structure tailored to the needs of the innovative projects we deliver. Our organizational structure is collaborative, one-level flat, and based on principles of well-defined accountabilities and authorities, transparency, and stewardship. We aspire to provide employees with something that matters to them beyond just a paycheck — whether it be opportunities to learn, career growth, a sense of community, or whatever else brings them value as a person.
We believe in individual freedom in the roles we choose, and in the projects we pursue — our research focus areas are the intersection of staff interests and corporate strategy. We choose practices that best suit the project, team, and leaders, with company-wide standards kept to a minimum to ensure we are making the right choices for the situation rather than just business-as-usual choices.
For more on our organizational structure, visit Life at Galois.
We’re looking for people who can invent, learn, think, and inspire. We reward creativity and thrive on collaboration. If you are interested, please submit your cover letter and resume to us.