Hands-on Android development and reverse engineering. In depth understanding and experience in Android internals. Solid background with Android SDK and various reverse engineering tools (listed below). Ability to write down and detail findings in written form for distribution across a team.
Job Description:
The Android SDK Reverse Engineers conduct reverse engineering, security assessments, and code reviews. They conduct, collaborate, and assist with complex de-compilation, unpacking, code review and potentially malicious mobile software reviews. This process is intended to lead to the detection of a code functionality that represents behaviour types that threaten the personal security of users of applications available in the Google Play Store. The goal of the work is to identify families of malware and take action on apps at scale. You will be responsible to develop static and dynamic signatures for mobile code, binaries, and executable code leading to the detection of a variety of threat types including malware, potentially unwanted programs (PUPs) and advanced persistent threats.
Additionally, the SDK Reverse Engineers continually work toward improving the review process through the identification of weaknesses in detection and automation followed by improvement recommendations. You are required to write complex reports for consumption of non-technical audiences, review peer reports and assist with investigations.
Requirements:
• Review of applications and SDKs to detect malicious or inappropriate behaviour by analysing, unpacking and reverse engineering software that compromises Android devices.
• Static and Dynamic Analysis
• Experience with Reverse Engineering tools such as Jadx, Ghidra, Frida, IDA Pro, Burp, to perform binary and APK/SDK analysis
• Code reviews for security policy violations, vulnerabilities, or improper coding practices
• Experience with Java, Kotlin, JavaScript, and other mobile software languages.
• Ability to write complex reports for consumption of non-technical audiences,
• Ability to collaborate, work with others as a team.
Job Description
Understanding of the following topics:
• In depth understanding of Android Internals
• Java Programming Language
• Techniques utilized by malicious software to tamper with user devices and make removal more difficult.
• Android Security Topics
• Mobile App store policies (Ads, PHAs, Developer, etc.)
• Ability to read, comprehend and analyze source code software
• To adhere to the Information Security Management policies and procedures.
Additional:
• Development of signatures (Yara, etc.)
• Research on threats such as APT using Open-Source Intelligence (Virus Total, Web, Exploit DB, MITRE,
etc.)
• In depth knowledge of security engineering and analysis topics, computer and network security,
cryptography, authentication security, rooting, packing, network protocols and interception
• Experience with Vulnerability Analysis
• Android Development
• Capture the Flag in Mobile software
Professional Experience and Education:
• BS/MS in computer science, computer engineering, CS, or information systems, or related discipline.
• 3-5 years of hands-on Android development and reverse engineering
• 5+ years of exp and team lead exp for the Sr role
• 3+ years of exp for the mid-level role
• 1+ year for the junior role
• In depth understanding and experience in Android internals
Additional Notes:
Beyond the technical aspect a big emphasis will be placed on the person’s communication skills as well as ability to
document things. Having educational experience with research and report writing (white papers, thesis, etc.) will
go a long way. Communication skills, ability to articulate findings and debrief in meetings will be extremely
important.