Could you tell me what is the best way to become a "a maintenance coder / reverse-engineer / re-implementor" ?
I've took a look at the Matasano project.
It seems terribly interesting for me and it fits with my expectations.
Unfortunately, they recquire to work in their office, as an european (french) guy, I can't afford to move in America : I'd like to stay not too far from my family and friends if possible. I love programming / computer security very much, but I think I'd suffer from not seeing them anymore.
I'm looking for an french/european job, similar to the one proposed for Matasano Project. AFAIK, it doesn't exist...
I consider moving to America if it isn't possible, but I'd like to avoid that if possible.
You can also become a Vulnerability Reward Program bounty-hunter as a hobby for a while. If you manage to find some high-profile bugs and blog about it, work will probably also start coming to you.
I'll start blogging as soon as I've got something new and interesting.
I need to show what I can do, I'm currently studying and I feel like I haven't a lot of opportunities to really show off my skills because the level of recquirements is not high enough, that's frustrating sometimes.
I agree that a blog could be a good solution, I also enjoy writing articles even if my English is not the best.
I'll keep you informed if you enjoy receiving news from random internet people.
I'll certainly think about some softwares I'd like to analyze during the next few days and start working on finding bugs/vulnerabilities/things interesting.
I work as a maintenance coder on a framework for a network security appliance. In a sense, everything I mentioned is just this - I often don't have any documentation and have to make things work by, at a minimum, running strace and seeing what they're trying to do and work backward - to find a system that was supposed to be creating those files, etc...
I rarely have to use what you'd call "reverse engineering" skills, but the familiarity with ASM and recognizing certain source-level idioms in the generated code, comes in handy for regular debugging all the time.
I got the job partly by chance - a manager mentioned in passing at an event that his team was hiring and I followed up, and because of what we did. We've got a tremendously wide range of deep products with a wide mix of technologies because we've been around for a long time. Because of this, and our laid-back roles I've been able to work closely with our global ops team, the malware analysts, IT, etc.
I think it probably helps to find a company with complex enough tasks, where you have a slightly under-specified role (I maintain the framework ...), and there are a lot of different engineering/ops/support teams under one roof so there's always something fun going on. Then, be the person who handles what other people would call annoyances like requests from other teams.
Let me know if I missed the mark, or could elaborate.
I think I'll aim a maintenance coder job in a company using low level languages (C would be good) and see what opportunities I can get from there.
I enjoy finding and fixing bugs, and as you said, even if it's not always necessary, reverse engineering is often a good ally for fighting bugs.