Company Overview
CCG is a technology company focused on equipping customers with the capabilities and support to conduct intelligent and successful cyber operations. We do this by finding the most talented engineers and operators in the country, give them some of the most challenging problems facing the US government, and help them unleash their creativity and problem-solving skills. Excellence is our standard and mission success is our metric.
Program Goals
Learn: Professional growth during your internship can be exposure to the Cyber Operations domain, learning a new programming language, or perfecting a new tradecraft technique. Contribute: There is a seat at the table for every one of our interns from day one. It is our goal that by the time you leave, your fingerprint is on a true operational contribution. Have Fun: Your time in our program may be limited, but the memories will last. It is our goal that you enjoy your time here and want to come back.Hire: The road doesn’t end at just the internship! Our end state is to bring on former interns full time after completing their school work.
Role
Do you want the results of your work to have meaning beyond just working on widgets? Are you ready to apply the concepts you have learned in the classroom to real world problems that have an outsized impact on our country? At CCG, interns work directly on high-performing teams and contribute to the success of the Cyber Operations mission. You’ve laid the foundation in the classroom, now come build the next generation of technology solutions, and have an impact bigger than you can imagine. As an intern on the Vulnerability Research team, you will imagine weaknesses in multiple types of systems and then find, demonstrate, document, and exploit those weaknesses.
You will be joining a team of advanced researchers to break down and fully understand how a host of different systems function. You will gain experience performing static and dynamic analysis, and multiple classes of vulnerabilities.
Responsibilities
- Perform vulnerability research and reverse engineering on assigned tasks
- Perform static and dynamic analysis by applying research tools such as disassemblers, debuggers, and fuzzers
- Perform exploit development to leverage discovered vulnerabilities
- Be able to communicate security research findings to your team
Required Qualifications
- Pursuing a BS in Computer Engineering, Computer Science, or a related field
- Ability to obtain and maintain a Top Secret Security Clearance; US citizenship
- Some experience with Ghidra, Binary Ninja, IDA or other reverse engineering/disassembler tools
- Classroom experience working in Linux fundamentals (sockets, file descriptors, networking, iptables, file systems, kernel, etc.)
- Familiarity with C and assembly languages like ARMS, MIPS, x86/64
- Classroom experience with programming fundamentals like networking, data structures, and data models
- Understanding of exploitation techniques like arbitrary read-write primitives, shellcoding, and return-oriented programming (ROP/JOP)
- Ability to collaborate with your team, and function independently.
Preferred Qualifications
- Experience with OS and kernel RE
- Basic understanding of fuzzers such as AFL++ or libfuzzer
- Basic understanding of common exploit mitigation mechanisms like SELinux, Seccomp, ASLR, and CFI
- Basic understanding of dynamic analysis with gdb/gdbserver and similar tools
- Basic understanding of processor tool chains
- Basic understanding of emulation using Qemu or Unicorn for running code in a non-native environment
- Experience identifying 0-days and vulnerabilities
- Experience developing reliable code (C, Assembly, Python, and/or JavaScript)
We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.
