Browse CIA Jobs

Cyber Security Researcher

Cyber Security Researchers focus in the cyber arena and specialist in the design, development, integration, and deployment of cutting-edge tools, techniques, and systems to support cyber operations.

  • Full time
  • Starting salary: $66,077 - $116,788
  • Bachelor's degree
  • Opportunities for domestic travel are possible

About the Job

As a Cyber Security Researcher for CIA, you will focus in the cyber arena and specialize in the design, development, integration, and deployment of cutting edge tools, techniques, and systems to support cyber operations and other intelligence activities. Leveraging advanced knowledge and tradecraft with regards to computer and network security, Cyber Security Researchers produce creative, innovative, and elegant solutions to some of the toughest challenges. You will utilize your technical skills, imagination, ingenuity, initiative, and expertise to help develop, support, and execute the Agency’s intelligence mission.

Most positions are located in the Washington, DC metropolitan area, but opportunities to serve and travel overseas exist as your career and abilities develop.

Who You’ll Work With

At the Central Intelligence Agency (CIA), we recognize our Nation’s strength comes from the diversity of its people. People from a broad range of backgrounds and viewpoints work at CIA, and our diverse teams are the reason we can keep our country safe.

Read more about diversity and inclusion

What You’ll Get

Our benefits support every aspect of a working professional’s life, including health and wellness, time off, family, finances, and continuing education. Our programs include highly sought-after government health benefits, flexible schedules, sick leave, and childcare. In some cases, we also offer sign-on incentives and cover moving expenses if you relocate.

As a CIA employee, you’ll also get the satisfaction of knowing your work is part of something bigger than yourself. Our work is driven by one mission: to keep our Nation safe. Every day is an opportunity to enhance U.S. national security.

Learn more about working at CIA


Minimum Qualifications

  • Bachelor’s degree in one of the following fields or related studies:
    • Computer engineering
    • Computer science
    • Electrical engineering
    • Software engineering
    • Or, five (5) years of hands on professional experience in one of the following fields (Offensive security, System level software development)
  • At least a 3.0 GPA on a 4-point scale
  • 3 years of experience with a system programming language (preferably C or C++)
  • Knowledge of:
    • Operating system concepts (UNIX/Linux, Windows, iOS, or Android) such as Security models, File systems, Process management and isolation, Inter-process communication, Networking, Cryptography
  • Computer science fundamentals and software development best practices
  • Basic Computer Network Exploitation (CNE) and Computer Network Attack (CNA) techniques and terminology
  • Ability to design, develop, debug, and maintain a diverse portfolio of programs written in C/C++, using modern software development tools and methodologies
  • Ability to work effectively in a team environment with competing and ever shifting priorities
  • Ability to identify and manage risk
  • Ability to demonstrated technical leadership
  • Strong verbal and written communication skills, especially the ability to articulate technical requirements to a non-technical audience
  • Passionate about security

Desired Qualifications

  • Master’s or doctorate degree in one of the following fields:
    • Computer engineering
    • Computer science
    • Software engineering
    • Cybersecurity
    • Information security
  • Proficiency with a scripting language such as Python, Bash, Ruby, or Powershell; the ability to do the following with a scripting language:
    • Automate tasks
    • Parse and interpret log output from operating systems, network devices, and infrastructure services
  • Experience with kernel level programming
  • Familiarity with assembly for one or more architectures (ARM, MIPS, x86/x64)
  • Familiarity with reverse engineering and/or exploitation
    • Experience in vulnerability analysis of source code or assembly
    • Knowledge of exploitation techniques
    • Familiarity of exploitation mitigation techniques
    • Experience with Ghidra, IDA Pro, Binary Ninja, or a similar suite of tools
  • Knowledge of industry threat models such as MITRE’s ATT&CK or Lockheed Martin’s Cyber Kill Chain
  • Knowledge of common reconnaissance, exploitation, and post-exploitation frameworks
  • Knowledge of networking fundamentals at all OSI layers
  • Experience in red teaming or pen-testing
  • Any of the following certifications:
    • Certified Ethical Hacker
    • Certified Penetration Tester
    • OSCE
    • GXPN
    • GWAPT
    • eWPTX
    • ECPTX