Emerging Exploitation Developer SME
, VA
Full Time | Senior-level / Expert | Clearance required | USD 245K - 263K
BOOST LLC
BOOST provides outsourced back-office solutions for government contractors such as accounting, contracts, HR, recruiting & sourcing, and strategic pricing. BOOST LLC is a dynamic management consulting firm that offers an array of government-compliant back-office solutions to support our teaming partners within the GovCon space. Our consultants are experts in the areas of Accounting, Contracts, Human Resources, Recruiting & Sourcing, and Strategic Pricing, and our passion is to guide and propel our partners towards success within this competitive sector.
BOOST is partnering with a cleared small business that provides mission-critical, AI-driven cyber defense and reverse engineering solutions for U.S. Government clients to hire an Emerging Exploitation Developer SME. This opportunity is 100% onsite located in the Northern Virginia area.
Position Summary:
As an Emerging Exploitation Developer SME, you will design, implement, and validate realistic exploits, proof-of-concept payloads, and custom implants to challenge and strengthen mission-focused cyber defenses. Your work will directly support detection signature validation, threat emulation, sensor tuning, and red/blue team training, ensuring no defensive blind spots remain. You will operate with a mission-first, people-always mindset, applying advanced tradecraft with zero tolerance for mission failure, and guiding mitigation strategies to protect critical national security environments.
Responsibilities:
- Research and analyze vulnerability classes across diverse operating systems, firmware, and applications to identify high-impact CVEs and candidate exploit chains for emulation.
- Design and build reliable exploit chains including memory corruption (heap, use-after-free, type confusion), logic flaws, and deserialization weaknesses across Windows, Linux, and embedded systems.
- Develop proof-of-concept payloads and custom C2 modules in C, C++, Rust, or Assembly, integrating with frameworks like Metasploit, pwntools, or internally developed toolkits.
- Automate exploit deployment in controlled lab or staging environments to stress-test network and endpoint detection signatures (NIDS/EDR), and refine defensive postures.
- Generate synthetic PCAPs and telemetry that emulate realistic adversary tactics, working closely with hunt teams to verify alert coverage and sensor efficacy.
- Document advanced exploitation techniques, indicators of compromise (IOC) packages, and actionable mitigations in detailed technical advisories and executive summaries.
- Collaborate with reverse-engineering teams, malware analysts, and AI/ML engineers to ensure emulated behaviors align with realistic adversary tradecraft.
- Contribute to and enhance internal tooling for fuzzing, crash triage, and exploit reliability testing; mentor junior researchers in advanced exploitation techniques and secure coding hygiene.
- Provide mission-focused insight and recommendations to leadership to inform rapid defensive mitigations.
Required Qualifications:
- Eight plus (8+) years of hands-on exploit development, offensive security engineering, or advanced vulnerability research in mission-focused, highly regulated, or classified environments.
- Deep knowledge of memory corruption vulnerabilities (heap, use-after-free, type confusion) and familiarity with modern mitigations (ASLR, DEP, CFG, CET).
- Proficiency in C, C++, Rust, or Assembly, along with familiarity in scripting (Python, Bash, PowerShell) to automate exploitation workflows.
- Demonstrated hands-on experience with debuggers and instrumentation tools (e.g., GDB, WinDbg, LLDB, Frida) and modern exploit frameworks.
- Proven ability to produce clear, thorough technical reports, PoC packages, and defensible mitigation recommendations.
- Strong commitment to mission-first, people-always leadership with zero tolerance for mission failure.
Preferred Qualifications:
- Bachelor’s degree or higher in Computer Science, Computer Engineering, Cybersecurity, or a related field.
- Prior participation in top-tier capture-the-flag (CTF) competitions, Pwn2Own, or published vulnerability disclosures.
- Experience with coverage-guided fuzzing frameworks (e.g., AFL, libFuzzer) and symbolic execution engines.
- Certifications such as OSEE, GXPN, or OSCE-3.
- Familiarity with secure enclave technologies and advanced threat emulation frameworks.
Clearance Requirement:
- Active TS/SCI with Poly
Salary Range:
- $245K-$263K (Salary commensurate with experience)
BOOST is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Tags: Bash Blue team C Clearance Computer Science CTF Cyber defense EDR Exploit Exploits GXPN Linux Malware Metasploit Offensive security OSCE OSEE PowerShell Python Reverse engineering Rust Scripting TS/SCI Vulnerabilities WinDbg Windows
Perks/benefits: Competitive pay