Manager, Cyber Capabilities

Shift5 is redefining the future of onboard operational technology (OT). As a fast-growing scale-up, we specialize in cutting-edge cybersecurity, predictive maintenance, and compliance for OT systems across defense, aerospace, and rail. We are a team of passionate, innovative professionals who thrive in a collaborative environment, driven by a shared mission to revolutionize how fleets operate. By unlocking and democratizing the vast potential of onboard OT data, we help our customers’ fleets run smarter, safer, and more efficiently. Ready to be part of the next frontier in transportation and critical infrastructure? Come join us.

Our Values:

• Embrace Truth and Integrity: Base decisions on data, foster open dialogue, and uphold unwavering integrity.
• User-Centric Focus: Prioritize user needs to guide our actions and resource allocation.
• Collaborative & Adaptable: Collaborate for excellence, learning from failures and driving iterative improvements, recognizing every decision's significance.

Shift5 is seeking an experienced Manager, Cyber Capabilities to lead and grow our dedicated vulnerability research team. This pivotal role combines strategic team leadership, mentorship, and execution management with significant hands-on technical contribution. The Manager will drive the research and development of novel cyber capabilities derived from deep vulnerability analysis of embedded systems, operational technology (OT) protocols, and RF communications inherent in critical transportation and defense platforms. This position requires a leader who excels at both guiding a team and actively participating in cutting-edge research, directly supporting Shift5's mission to bring order to the complexity of onboard data and enhance the security, safety, and resilience of aircraft, rail, and military assets.

Location: Rosslyn, VA - Hybrid (required in-office 3-4 days a week), occasional travel to customer sites <15%.

Responsibilities:

Team Leadership & Mentorship:

• Lead, manage, mentor, and develop a high-performing team of vulnerability researchers, fostering a culture of technical excellence, innovation, and collaboration.
• Define clear research objectives, manage project execution across multiple initiatives, allocate resources effectively, and ensure the timely delivery of impactful research outcomes and capabilities.
• Champion the technical growth and development of team members, identifying skill gaps, providing coaching, and facilitating opportunities to educate others across the organization and company. 

Hands-on Research & Capability Development:

• Serve as a technical leader and individual contributor, actively engaging in complex vulnerability research, reverse engineering (e.g. Ghidra, IDA Pro, Binary Ninja), and proof-of-concept development targeting embedded systems (firmware, RTOS, hardware), OT protocols, and RF communications systems.
• Spearhead the development of novel cyber capabilities - defined as advanced techniques, methodologies, and deep system understanding derived from offensive security research

Tooling & Innovation:

• Direct and contribute to the architecture, design, and development of specialized software tools and frameworks to accelerate vulnerability discovery, reverse engineering, and capability development efforts. This includes prototyping innovative tooling and frameworks designed to enhance research efficiency and effectiveness. 
• Cultivate an environment of innovation by encouraging the exploration of new attack surfaces, unconventional research methodologies, and the creative application of research findings. 

Collaboration & Communication:

• Collaborate closely and effectively with cross-functional teams, including Detection Engineering, RF/DSP Engineering, Intelligence Analysts, Product Management, Software/Hardware/Firmware Engineering, and Field Engineering teams, to ensure research findings are operationalized and integrated into Shift5's products and services. 
• Translate highly complex technical research findings, vulnerability details, and capability implications into clear, concise, and actionable insights consumable by diverse audiences, ranging from deeply technical peers to product managers and executive leadership.
• May occasionally interface with customers or external partners to understand specific platform challenges, gather requirements, or communicate the impact and value of the team's research efforts.

Technical Rigor & Reporting:

• Uphold the highest standards of technical accuracy, quality, and rigor in all research activities and outputs. Oversee the creation and review of detailed technical documentation, including vulnerability reports, exploit analyses, capability demonstrations, and internal knowledge sharing.
• Maintain expert-level awareness of the latest cyber threats, vulnerability disclosures, exploitation techniques, and research methodologies pertinent to embedded systems, OT security, transportation protocols, and RF communications security.

Qualifications:

The ideal candidate will possess a blend of deep technical expertise in vulnerability research, strong leadership capabilities, and a passion for securing critical systems.

• Citizenship & Clearance: US Citizenship is required for this role due to the nature of Shift5's work with defense and government contracts and must possess an active TOP SECRET security clearance, at a minimum. 
• Education: Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, or equivalent practical experience demonstrating deep technical aptitude.
• Leadership & Management Experience: 1-2+ years of demonstrated experience successfully leading, managing, or formally mentoring technical teams comprising vulnerability researchers, reverse engineers, or closely related engineering roles and managing multiple concurrent projects in a fast-paced environment. 
• Core Technical Experience: 8+ years of direct, hands-on experience in vulnerability research and reverse engineering specifically targeting embedded systems.Proven experience developing proof-of-concept exploits or demonstrating impactful capabilities against embedded system vulnerabilities.
• Vulnerability Research: Strong proficiency with industry-standard reverse engineering tools (e.g., IDA Pro, Ghidra, Binary Ninja), fuzzing frameworks (e.g. AFL, LibFuzzer) and hardware debugging tools/techniques (e.g., JTAG/SWD debuggers, logic analyzers).
• Programming Skills: Strong programming proficiency in C/C++, Python, and other programming languages.
• Systems Knowledge: Solid understanding of embedded system architectures (PPC, ARM, MIPS, etc.), real-time operating systems, operating system internals (kernel architecture, memory management, driver models) and common hardware peripherals/interfaces (UART, SPI, I2C, GPIO).
• Wireless Communications: Foundational understanding of wireless communication principles and protocols.
• Communication Skills: Excellent verbal and written communication skills, with a proven ability to articulate complex technical concepts clearly and effectively to both deeply technical and non-technical audiences. Experience presenting at industry conferences or technical workshops is preferred. 
• Collaboration: Proven ability to work collaboratively and effectively within multidisciplinary teams, fostering positive working relationships across engineering, product, and research functions.
• Preferred: Hands-on experience analyzing, interacting with, and identifying potential weaknesses in serial bus protocols common in transportation and defense (e.g., CAN bus, MIL-STD-1553, ARINC 429, J1939).

• Preferred: Experience performing vulnerability research or capability development targeting wireless protocols (e.g., Wi-Fi, Bluetooth/BLE, cellular) or specialized RF systems (ADS-B, ACARS, TCAS/IFF, Link16).

Preferred: Prior experience working with specific military weapon systems, commercial or military aircraft or unmanned platforms.

Compensation & Benefits: 

• Base Salary: $200,000-$260,000
• Bonus program and equity in a fast-growing startup
• Competitive medical, dental, and vision coverage for employees and their families
• Health Savings Account with annual employer contributions
• Employer-paid Life and Disability Insurance 
• Uncapped paid time off policy 
• Flexible work & remote work policy 
• Tax-deferred public transit benefits with Metro SmartBenefits (DC/MD/VA)  

We are committed to building an inclusive culture of belonging that embraces the diversity of our people and represents the communities in which we work and the customers we serve. We know the happiest and highest performing teams include people with diverse perspectives and ways of solving problems. We strive to attract and retain talent from all backgrounds and create workplaces where everyone feels empowered to bring their full, authentic selves to work.   

Shift5 is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sexual orientation, gender identify, national origin, disability, age, marital status, ancestry, projected veteran status, or any other protected group or class.  

Privacy Policy and Notice for Shift5, Inc. Job Applicants, Employees & Contractors