Senior Cyber Capability Developer

Marathon TS is seeking a Senior Cyber Capability Developer to join our cybersecurity team. The ideal candidate will possess deep technical expertise in analyzing cyber threats, reverse engineering malicious code, and evaluating software for vulnerabilities. This role involves working closely with Information System Security Officers (ISSOs), developers, and stakeholders to ensure the integrity, security, and resilience of systems and software across multiple environments, including those supporting CJIS operations.
Key Responsibilities:

• Assist ISSOs in evaluating delivered software for security weaknesses and malicious logic.
  
• Perform static and dynamic analysis of source code and binary files to detect vulnerabilities and/or malicious behavior.
  
• Conduct manual and automated reverse engineering of applications, malware, and unknown binaries.
  
• Analyze network traffic, system memory, and disk images for indicators of compromise (IoCs) and advanced threats.
  
• Evaluate software developed in various programming and scripting languages including, but not limited to:
  
  • C, C++, Java, C#, Groovy, Python, Perl, JavaScript, Ruby, Bash, PowerShell, Objective-C, and Puppet.
    
• Provide detailed technical guidance on identifying and mitigating security vulnerabilities in both source and compiled code.
  
• Apply secure coding practices and reference industry frameworks such as the OWASP Top 10.
  
• Create and maintain internal tools, frameworks, and scripts to improve security analysis efficiency.
  
• Advise on secure web development practices and modern application security frameworks.
  
• Perform functional analysis of source code/scripts and firmware/hardware when required.
  
• Assist CJIS stakeholders in assessing risks, threats, and security vulnerabilities of CJIS systems and services.
  
• Create and deliver reports (e.g., risk assessments, secure code analysis) and briefings to technical and non-technical audiences.
  
• Contribute to knowledge-sharing sessions, presentations, and security education initiatives.
  

Required Qualifications:

• Professional experience in cyber threat analysis, malware analysis, and/or reverse engineering.
  
• Expertise in static and dynamic binary analysis and reverse engineering of compiled software.
  
• Strong background in network traffic analysis, memory forensics, and disk forensics.
  
• Proficiency in analyzing code written in common development languages and scripting environments.
  
• Demonstrated experience with secure software development methodologies and application hardening techniques.
  
• Familiarity with industry security standards and frameworks, including NIST and OWASP.
  

Preferred Qualifications:

• Experience in CJIS or other law enforcement/federal environments.
  
• Relevant certifications such as GREM, GXPN, OSCP, CEH, or similar.
  
• Experience with tools such as IDA Pro, Ghidra, Wireshark, Volatility, Burp Suite, and similar.
  
• Familiarity with cloud-based and virtualized environments.
  
• Experience managing and developing in diverse software ecosystems.
  

Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").

#CJJOBS