Cybersecurity & IoT Research Analyst
LMI Consulting, LLC, Tysons Corner, VA, United States
Cybersecurity & IoT Research Analyst
Job ID:
2026-13928
# of Openings:
1
Benefit Type:
Salaried High Fringe/Full-Time
Job Locations:
US-VA-Tysons
Overview
LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.
Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors – helping agencies navigate complexity and outpace change.
We’re hiring a Cybersecurity & IoT Research Analyst to support ongoing R&D efforts while contributing directly to production‑bound DoD systems. This is a hybrid R&D + implementation role. You’ll take hands‑on research‑like IoT protocol vulnerability testing, wireless security analysis, and device‑level exploitation‑and translate it into actionable security improvements, RMF artifacts, and deployable solutions. You’ll work across the full lifecycle: from lab‑based vulnerability testing (e.g., replay attacks, packet injection, device compromise) to supporting accreditation (RMF/ATO) and hardening real‑world systems.
Responsibilities
Cybersecurity & RMF Support
Support Risk Management Framework (RMF) activities including control implementation, documentation, POA&Ms, and ATO readiness.
Assist in system security architecture development, aligning IoT/embedded systems with DoD cybersecurity requirements.
Conduct security assessments and support vulnerability management processes across hardware and software systems.
Collaborate with ISSOs, ISSMs, and engineering teams to ensure compliance with NIST and DoD standards.
Vulnerability Testing & Security Research
Design and execute vulnerability testing across IoT and RF protocols (e.g., ZigBee, LoRaWAN, NB‑IoT, Mist).
Perform packet analysis, traffic inspection, and exploitation testing using tools like Wireshark, Kali Linux, and SDR frameworks.
Simulate real‑world attack vectors such as replay attacks, packet injection, device cloning, and resource exhaustion.
Analyze protocol weaknesses such as centralized trust models, insecure key exchange, and lack of rate limiting.
R&D and Innovation
Support ongoing R&D efforts focused on IoT protocol security, wireless communications, and system resilience.
Contribute to the development of testbeds and experimental environments to simulate real‑world deployments.
Evaluate emerging technologies and security approaches to improve system architecture and defense‑in‑depth strategies.
Document findings and translate research into engineering recommendations and product improvements.
Secure System Development
Support development of secure update mechanisms, device authentication workflows, and trust validation systems.
Contribute to secure software and firmware design, including integrity validation and access control mechanisms.
Assist in implementing protections against unauthorized access, tampering, and compromised device participation.
Collaborate with DevSecOps and platform teams to integrate security into CI/CD pipelines and deployment workflows.
Data Analysis & Reporting
Analyze quantitative and qualitative security data to assess system resilience and risk posture.
Develop technical reports, briefings, and executive summaries to communicate findings and recommendations.
Support customer‑facing deliverables and contribute to proposal or R&D documentation efforts.
Qualifications
What We’re Looking For
Bachelor’s degree in Cybersecurity, Computer Engineering, Computer Science, or related field (or equivalent experience).
Strong foundation in cybersecurity principles, including network security, cryptography, and secure system design.
Experience or coursework in wireless communications, RF systems, or IoT protocols.
Hands‑on experience with tools such as Wireshark, Kali Linux, Metasploit, or similar security testing frameworks.
Familiarity with programming/scripting (Python, C/C++, or Java).
Understanding of networking fundamentals and packet‑level analysis.
U.S. Citizenship required; ability to obtain a Secret clearance.
Bonus Points For
Experience with RMF, ATO processes, or NIST 800‑53 controls.
Exposure to IoT security testing, embedded systems, or RF communications.
Experience building or working with testbeds (e.g., Raspberry Pi, wireless mesh networks).
Familiarity with cloud platforms (GCP, AWS) and containerization (Docker).
Participation in cybersecurity competitions, research programs, or technical R&D initiatives.
Experience analyzing attack vectors like replay attacks, packet injection, or unauthorized access in IoT systems.
Why This Role Matters
Modern IoT systems are expanding the attack surface across critical defense infrastructure. Research has shown that protocols can be vulnerable to attacks like replay, injection, and unauthorized access depending on implementation and architecture.
In this role, you won’t just study those vulnerabilities—you’ll help eliminate them. Your work will directly influence how secure, resilient, and mission‑ready next‑generation DoD systems become.
Target Salary Range
$69,265.76 – $118,424.66
LMI is an Equal Opportunity Employer
LMI is committed to the fair treatment of all and to our policy of providing applicants and employees with equal employment opportunities. LMI recruits, hires, trains, and promotes people without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, disability, age, protected veteran status, citizenship status, genetic information, or any other characteristic protected by applicable federal, state, or local law. If you are a person with a disability needing assistance with the application process, please contact accommodations@lmi.org.
Colorado Residents: In any materials you submit, you may redact or remove age‑identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.
#J-18808-Ljbffr
Job ID:
2026-13928
# of Openings:
1
Benefit Type:
Salaried High Fringe/Full-Time
Job Locations:
US-VA-Tysons
Overview
LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.
Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors – helping agencies navigate complexity and outpace change.
We’re hiring a Cybersecurity & IoT Research Analyst to support ongoing R&D efforts while contributing directly to production‑bound DoD systems. This is a hybrid R&D + implementation role. You’ll take hands‑on research‑like IoT protocol vulnerability testing, wireless security analysis, and device‑level exploitation‑and translate it into actionable security improvements, RMF artifacts, and deployable solutions. You’ll work across the full lifecycle: from lab‑based vulnerability testing (e.g., replay attacks, packet injection, device compromise) to supporting accreditation (RMF/ATO) and hardening real‑world systems.
Responsibilities
Cybersecurity & RMF Support
Support Risk Management Framework (RMF) activities including control implementation, documentation, POA&Ms, and ATO readiness.
Assist in system security architecture development, aligning IoT/embedded systems with DoD cybersecurity requirements.
Conduct security assessments and support vulnerability management processes across hardware and software systems.
Collaborate with ISSOs, ISSMs, and engineering teams to ensure compliance with NIST and DoD standards.
Vulnerability Testing & Security Research
Design and execute vulnerability testing across IoT and RF protocols (e.g., ZigBee, LoRaWAN, NB‑IoT, Mist).
Perform packet analysis, traffic inspection, and exploitation testing using tools like Wireshark, Kali Linux, and SDR frameworks.
Simulate real‑world attack vectors such as replay attacks, packet injection, device cloning, and resource exhaustion.
Analyze protocol weaknesses such as centralized trust models, insecure key exchange, and lack of rate limiting.
R&D and Innovation
Support ongoing R&D efforts focused on IoT protocol security, wireless communications, and system resilience.
Contribute to the development of testbeds and experimental environments to simulate real‑world deployments.
Evaluate emerging technologies and security approaches to improve system architecture and defense‑in‑depth strategies.
Document findings and translate research into engineering recommendations and product improvements.
Secure System Development
Support development of secure update mechanisms, device authentication workflows, and trust validation systems.
Contribute to secure software and firmware design, including integrity validation and access control mechanisms.
Assist in implementing protections against unauthorized access, tampering, and compromised device participation.
Collaborate with DevSecOps and platform teams to integrate security into CI/CD pipelines and deployment workflows.
Data Analysis & Reporting
Analyze quantitative and qualitative security data to assess system resilience and risk posture.
Develop technical reports, briefings, and executive summaries to communicate findings and recommendations.
Support customer‑facing deliverables and contribute to proposal or R&D documentation efforts.
Qualifications
What We’re Looking For
Bachelor’s degree in Cybersecurity, Computer Engineering, Computer Science, or related field (or equivalent experience).
Strong foundation in cybersecurity principles, including network security, cryptography, and secure system design.
Experience or coursework in wireless communications, RF systems, or IoT protocols.
Hands‑on experience with tools such as Wireshark, Kali Linux, Metasploit, or similar security testing frameworks.
Familiarity with programming/scripting (Python, C/C++, or Java).
Understanding of networking fundamentals and packet‑level analysis.
U.S. Citizenship required; ability to obtain a Secret clearance.
Bonus Points For
Experience with RMF, ATO processes, or NIST 800‑53 controls.
Exposure to IoT security testing, embedded systems, or RF communications.
Experience building or working with testbeds (e.g., Raspberry Pi, wireless mesh networks).
Familiarity with cloud platforms (GCP, AWS) and containerization (Docker).
Participation in cybersecurity competitions, research programs, or technical R&D initiatives.
Experience analyzing attack vectors like replay attacks, packet injection, or unauthorized access in IoT systems.
Why This Role Matters
Modern IoT systems are expanding the attack surface across critical defense infrastructure. Research has shown that protocols can be vulnerable to attacks like replay, injection, and unauthorized access depending on implementation and architecture.
In this role, you won’t just study those vulnerabilities—you’ll help eliminate them. Your work will directly influence how secure, resilient, and mission‑ready next‑generation DoD systems become.
Target Salary Range
$69,265.76 – $118,424.66
LMI is an Equal Opportunity Employer
LMI is committed to the fair treatment of all and to our policy of providing applicants and employees with equal employment opportunities. LMI recruits, hires, trains, and promotes people without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, pregnancy, disability, age, protected veteran status, citizenship status, genetic information, or any other characteristic protected by applicable federal, state, or local law. If you are a person with a disability needing assistance with the application process, please contact accommodations@lmi.org.
Colorado Residents: In any materials you submit, you may redact or remove age‑identifying information such as age, date of birth, or dates of school attendance or graduation. You will not be penalized for redacting or removing this information.
#J-18808-Ljbffr