Manager, Cyber Capabilities

Summary

Join Shift5, a fast-growing scale-up redefining onboard operational technology (OT) cybersecurity, and become our Manager, Cyber Capabilities. Lead and grow our vulnerability research team, combining strategic leadership, mentorship, and hands-on technical contributions. Drive research and development of novel cyber capabilities through deep vulnerability analysis of embedded systems, OT protocols, and RF communications. Guide the team while actively participating in cutting-edge research, directly supporting Shift5's mission to enhance the security, safety, and resilience of various assets. This role requires a blend of technical expertise, leadership skills, and a passion for securing critical systems. Located in Rosslyn, VA, this hybrid position requires 3-4 days a week in the office with occasional travel.

Requirements

• US Citizenship is required for this role due to the nature of Shift5's work with defense and government contracts and must possess an active TOP SECRET security clearance, at a minimum
• Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, or equivalent practical experience demonstrating deep technical aptitude
• 1-2+ years of demonstrated experience successfully leading, managing, or formally mentoring technical teams comprising vulnerability researchers, reverse engineers, or closely related engineering roles and managing multiple concurrent projects in a fast-paced environment
• 8+ years of direct, hands-on experience in vulnerability research and reverse engineering specifically targeting embedded systems
• Proven experience developing proof-of-concept exploits or demonstrating impactful capabilities against embedded system vulnerabilities
• Strong proficiency with industry-standard reverse engineering tools (e.g., IDA Pro, Ghidra, Binary Ninja), fuzzing frameworks (e.g., AFL, LibFuzzer) and hardware debugging tools/techniques (e.g., JTAG/SWD debuggers, logic analyzers)
• Strong programming proficiency in C/C++, Python, and other programming languages
• Solid understanding of embedded system architectures (PPC, ARM, MIPS, etc.), real-time operating systems, operating system internals (kernel architecture, memory management, driver models) and common hardware peripherals/interfaces (UART, SPI, I2C, GPIO)
• Foundational understanding of wireless communication principles and protocols
• Excellent verbal and written communication skills, with a proven ability to articulate complex technical concepts clearly and effectively to both deeply technical and non-technical audiences
• Proven ability to work collaboratively and effectively within multidisciplinary teams, fostering positive working relationships across engineering, product, and research functions

Responsibilities

• Lead, manage, mentor, and develop a high-performing team of vulnerability researchers, fostering a culture of technical excellence, innovation, and collaboration
• Define clear research objectives, manage project execution across multiple initiatives, allocate resources effectively, and ensure the timely delivery of impactful research outcomes and capabilities
• Champion the technical growth and development of team members, identifying skill gaps, providing coaching, and facilitating opportunities to educate others across the organization and company
• Serve as a technical leader and individual contributor, actively engaging in complex vulnerability research, reverse engineering (e.g., Ghidra, IDA Pro, Binary Ninja), and proof-of-concept development targeting embedded systems (firmware, RTOS, hardware), OT protocols, and RF communications systems
• Spearhead the development of novel cyber capabilities - defined as advanced techniques, methodologies, and deep system understanding derived from offensive security research
• Direct and contribute to the architecture, design, and development of specialized software tools and frameworks to accelerate vulnerability discovery, reverse engineering, and capability development efforts. This includes prototyping innovative tooling and frameworks designed to enhance research efficiency and effectiveness
• Cultivate an environment of innovation by encouraging the exploration of new attack surfaces, unconventional research methodologies, and the creative application of research findings
• Collaborate closely and effectively with cross-functional teams, including Detection Engineering, RF/DSP Engineering, Intelligence Analysts, Product Management, Software/Hardware/Firmware Engineering, and Field Engineering teams, to ensure research findings are operationalized and integrated into Shift5's products and services
• Translate highly complex technical research findings, vulnerability details, and capability implications into clear, concise, and actionable insights consumable by diverse audiences, ranging from deeply technical peers to product managers and executive leadership
• May occasionally interface with customers or external partners to understand specific platform challenges, gather requirements, or communicate the impact and value of the team's research efforts
• Uphold the highest standards of technical accuracy, quality, and rigor in all research activities and outputs
• Oversee the creation and review of detailed technical documentation, including vulnerability reports, exploit analyses, capability demonstrations, and internal knowledge sharing
• Maintain expert-level awareness of the latest cyber threats, vulnerability disclosures, exploitation techniques, and research methodologies pertinent to embedded systems, OT security, transportation protocols, and RF communications security

Preferred Qualifications

• Experience presenting at industry conferences or technical workshops is preferred
• Hands-on experience analyzing, interacting with, and identifying potential weaknesses in serial bus protocols common in transportation and defense (e.g., CAN bus, MIL-STD-1553, ARINC 429, J1939)
• Experience performing vulnerability research or capability development targeting wireless protocols (e.g., Wi-Fi, Bluetooth/BLE, cellular) or specialized RF systems (ADS-B, ACARS, TCAS/IFF, Link16)
• Prior experience working with specific military weapon systems, commercial or military aircraft or unmanned platforms

Benefits

• Base Salary: $200,000-$260,000
• Bonus program and equity in a fast-growing startup
• Competitive medical, dental, and vision coverage for employees and their families
• Health Savings Account with annual employer contributions
• Employer-paid Life and Disability Insurance
• Uncapped paid time off policy
• Flexible work & remote work policy
• Tax-deferred public transit benefits with Metro SmartBenefits (DC/MD/VA)