Firmware Security Engineer Resume

TECHNICAL SKILLS:

Aspires to become a kernel engineer, firmware developer, CPU architect engineer, software security engineer for OS vulnerability research or general software engineer for iOS/macOS/etc Skills
Research on the BIOS and UEFI specification as well as projects dedicated to them.
Research on kernel engineering (XNU, IOKit, BSD, and Linux) as well kernel reverse engineering for security purposes (iOS and macOS)
Knows approximately 7 programming languages, namely lower level machine dependent languages such as Objective C(++), and x86/ARM Assembly

TECHNICAL SKILLS:

Programming Languages:

Proficient in: C, C++, Objective C, x86, Java

Moderate in: Swift, ARM Assembly, Python, Bash scripting and ACPI Machine Language

EXPERIENCE:

Confidential

Firmware Security Engineer

Responsibilities:

Use the new hash verification tool named eficheck to check customer binaries for malware in the wild using Python and C and create a production framework in Python to detect malicious payloads coming from customers
Fix Coverity, the static analysis tool to parse EFI code and detect real buffer overflows, information leaks, etc in shipping code
Fuzz NVRAM variables stored on the flash chip using an IOKit and userland interface
Develop malware for EFI by fuzzing low level implementations of DHCP, HFS+, APFS (unsuccessful), PCI, SPI, etc Triage and fix existing bugs found from fuzzing low level implementations
Exploit vulnerabilities found in EFI file system implementations to bypass firmware passwords on MacEFI machines
Inject x86 payloads into existing MacEFIFirmware to detect DMA buffer vulnerabilities and other security issues in hardware/firmware implementation
Create full fuzzing infrastructure using the simics x86 emulator for NVRAM variables

Confidential

Software Development

Responsibilities:

Use x86/ARM assembly and C to write lower level startup machine code for modern machines
Conform to the specification of the firmware interfaces and study development of projects
Review open source UEFI firmware through existing reference implementations such as CoreBoot + Tianocore (ACPI and EDK2 development kit)
Inject into system processes and applications using the Mobile Substrate library using the Theos development tools and reverse engineering exploration
Implemented a Mobile Substrate tweak for the Snapchat application that notifies the user if a Snapchat streak is going to be over and provides hooks into the Application now on Confidential
Participated in a hobby project dedicated to installing OS X on a non - Confidential Intel and AMD machines called OSX86
Worked with lower level subsystems and API’s in OS X and iOS such as Mach, IOKit, dyld, Mach-O, launchd, macf, sandbox, kauth, BSD, libkern, osmfk, libSystem, SpringBoard, mutex/semaphores, paging, hfs+, GCD, UIKit/Foundation, and Core Foundation to support the ecosystem
Vastly skilled in Unix-based environments (bash/shell scripting)
Supported the community by providing advanced technical support in an IRC chat
Shared full set instructions to install OS X with binary patches, setup instructions and shared ACPI patches and tables such as the DSDT, SSDT and others on github
Wrote a MachO binary parser before interning at Confidential, it analyzes Objective C metadata, load commands, symbol tables, code signatures (verifies), etc

Application Development (iOS and Android)

Confidential

Responsibilities:

Use Xcode and Android Studio to write applications in Java and Objective C(++)
Utilize the frameworks such as UIKit, SpriteKit, SceneKit, Foundation, CoreFoundation, AppSupport, BulletinBoard, Security, GLKit, SpringBoardServices, CoreGraphics, CoreAnimation and many more to build complete products
Developed This is the End for the iPhone (github)

We provide IT Staff Augmentation Services!

We'd love your feedback!

Resume Categories

Client Services

Job Seekers

Visa Sponsorship