Android Reverse Engineer – Mid-level (3+ years)
Remote
5 positions
Multi-year contract
We are seeking a highly skilled Android Reverse Engineer to join our team. We offer a unique experience focused on quality, where your work involves methodical analysis and challenging targets, while still meeting daily objectives. The ideal candidate will have a profound understanding of Android internals, application framework, a strong aptitude for reverse engineering native code, and a passion for unraveling complex software. In this role, you will be empowered with access to advanced and custom tooling, allowing you to bypass common roadblocks and focus on the core analytical challenge. You won't just analyze applications; you will deconstruct them, understand their nuance, and produce insights that truly matter
Responsibilities:
- Deep Dive Analysis: Conduct in-depth analysis of Android applications and SDKs to understand their codebase, architecture, and functionality.
- Reverse Engineering Techniques: Employ advanced reverse engineering techniques to extract information from various codebases, including decompilation, disassembly, and debugging.
- Risk Identification: Identify user and device risk, data leakage, and malicious code execution within Android apps and SDKs.
- Tool Development: Develop and maintain custom reverse engineering tools and scripts to automate tasks and improve efficiency.
- Security Assessment: Conduct security assessments of Android applications and SDKs to identify potential risks.
- Threat Intelligence: Gather and analyze threat intelligence related to Android malware, exploits, and emerging security trends.
- Collaboration: Collaborate with security researchers, developers, and other stakeholders to share findings, provide recommendations, and contribute to the development of secure software.
- Continuous Learning: Stay updated on the latest Android security threats, vulnerabilities, and reverse engineering techniques.
Requirements:
● Hands on Experience with the following:
- Analyzing, unpacking, and reverse engineering code of malicious applications or SDKs.
- Ability to read, comprehend and analyze source code
- Static and Dynamic Analysis Techniques
- Reverse Engineering tools such as Jadx, Ghidra, Frida, IDA Pro, Burp, to perform binary and APK analysis
- Java, Kotlin, JavaScript, Flutter, and other mobile software languages
- ELF (Native Binaries) reverse engineering
- Query languages such as SQL
● Understanding of the following topics
- Android Fundamentals such as Android activity lifecycles, common Android API usage, AOSP, and how an android application is created.
- Java and/or Kotlin Programing Language
- Techniques utilized by malicious software to harm the user’s device or their data
- Mobile App store policies (Ads, PHAs, Developer, etc.)
- Network traffic analysis; security fundamentals
● Additional:
- Development of signatures (Yara, etc.)
- Research on threats such as APT using Open-Source Intelligence (Virus Total, Web, ExploitDB, MITRE, etc.)
- In depth knowledge of security engineering and analysis topics, computer and network security, cryptography, authentication security, rooting, packing, network protocols and interception
Nice to Have:
● Experience with Vulnerability Analysis or security code review
● Android Software Development Experience
● Background / Familiarity with Google Ads or Content moderation
● Participation in a Capture the Flag (CTF) for Mobile software
● Pen testing, Blue Team, and/or Red Team experience
Professional Experience and Education
● Required:
- 3 – 5+ years’ experience in one or more of the following: Android Development, Reverse Engineering, Pen testing, Application Security Assessments
● Preferred:
- Associates/Bachelor’s Degree/master’s in computer science, computer engineering, CS, or information systems, or related discipline.
- 3 – 5 years of hands-on Android App/SDK Reverse Engineering
—
—
