Agency-wide Requirements
All applicants must be:
- U.S. citizens (dual U.S. citizens also eligible)
- At least 18 years of age
- Willing to move to the Washington, DC area
- Able to complete security and medical evaluations
- Registered for the Selective Service
About the Job
As a Cyber Security Researcher for CIA, you will focus in the cyber arena and specialize in the design, development, integration, and deployment of cutting edge tools, techniques, and systems to support cyber operations and other intelligence activities. Leveraging advanced knowledge and tradecraft with regards to computer and network security, Cyber Security Researchers produce creative, innovative, and elegant solutions to some of the toughest challenges. You will utilize your technical skills, imagination, ingenuity, initiative, and expertise to help develop, support, and execute the Agency's intelligence mission.
Most positions are located in the Washington, DC metropolitan area, but opportunities to serve and travel exist as your career and abilities develop.
Who You’ll Work With
At the Central Intelligence Agency (CIA), we recognize our Nation’s strength comes from the diversity of its people. People from a broad range of backgrounds and viewpoints work at CIA, and our diverse teams are the reason we can keep our country safe.
Read more about diversity and inclusion
What You’ll Get
Our benefits support every aspect of a working professional’s life, including health and wellness, time off, family, finances, and continuing education. Our programs include highly sought-after government health benefits, flexible schedules, sick leave, and childcare. In some cases, we also offer sign-on incentives and cover moving expenses if you relocate.
As a CIA employee, you’ll also get the satisfaction of knowing your work is part of something bigger than yourself. Our work is driven by one mission: to keep our Nation safe. Every day is an opportunity to enhance U.S. national security.
Learn more about working at CIA
Minimum Qualifications
- Bachelor's degree, with at least a 3.0 GPA on a 4-point scale, in one of the following fields or related studies:
- Computer Engineering
- Computer Science
- Electrical Engineering
- Software Engineering
Or, five (5) years of hands-on professional experience in one of the following fields (Offensive security, system level software development)
- 3 years of experience with a system programming language (preferably C or C++)
- Knowledge of:
- Operating system concepts (UNIX/Linux, Windows, iOS, or Android) such as Security models, File systems, Process management and isolation, Inter-process communication, Networking, Cryptography
- Computer science fundamentals and software development best practices
- Basic Computer Network Exploitation (CNE) and Computer Network Attack (CNA) techniques and terminology
- Ability to design, develop, debug, and maintain a diverse portfolio of programs written in C/C++, using modern software development tools and methodologies
- Proficiency with a scripting language such as Python, Bash, Ruby, or Powershell; the ability to do the following with a scripting language:
- Automate tasks
- Parse and interpret log output from operating systems, network devices, and infrastructure services
- Ability to work effectively in a team environment with competing and ever shifting priorities
- Ability to identify and manage risk
- Ability to break down technical requirements into manageable tasks
- Strong verbal and written communication skills, especially the ability to articulate technical requirements to a non-technical audience
- Demonstrated technical leadership
- Passionate about information security
- Ability to meet the minimum requirements for joining CIA, including U.S. citizenship and a background investigation
Desired Qualifications
- Master’s degree or higher in one of the following fields:
- Computer engineering
- Computer science
- Software engineering
- Cybersecurity
- Information security
- Experience with the full software development lifecycle (requirements gathering through deployment/maintenance)
- Experience with Agile development methodologies, tools, and best practices
- Experience with kernel level programming
- Familiarity with assembly for one or more architectures (ARM, MIPS, x86, x86_64)
- Familiarity with reverse engineering and/or software exploitation
- Experience in vulnerability analysis of source code or assembly
- Knowledge of exploitation techniques
- Familiarity of exploitation mitigation techniques
- Experience with Ghidra, IDA Pro, Binary Ninja, or a similar suite of tools
- Knowledge of industry threat models such as MITRE’s ATT&CK or Lockheed Martin’s Cyber Kill Chain
- Knowledge of common reconnaissance, exploitation, and post-exploitation frameworks
- Knowledge of networking fundamentals at all OSI layers
- Knowledge of modern cryptography theory, algorithms, and implementations
- Experience in red teaming or pen-testing
- Any of the following certifications:
- Certified Ethical Hacker
- Certified Penetration Tester
- OSCE
- GXPN
- GWAPT
- eWPTX
- ECPTX