Android Reverse Engineer

We are seeking an experienced Android Malware Reverse Engineer to join our security research and malware analysis team. In this role, you will perform in-depth reverse engineering and security analysis of Android apps, SDKs, and binaries to uncover threats, identify malware families, and improve threat detection at scale. You will leverage both static and dynamic analysis techniques and work closely with developers, pen testers, and data analysts.

Most of the code that needs to be reviewed is usually written in JAVA or KOTLIN and uses such tools as Wireshark, Frida, etc for reverse engineering activities.

· An android web developer that is strong in JAVA or Kotlin

· A Web app person that has done Pen Testing

· A Malware Analyst—this could be a Windows person that can be trained on the Android platform.

· He would also like someone with SQL experience so they can write SQL code to query the data and look for common issues across all the malware issues that have been uncovered

Description:

• The Android Malware Reverse Engineers will conduct reverse engineering, security assessments, and code reviews.

• You will conduct and assist with complex decompilation, unpacking, code review and malicious mobile software reviews.

• The goal of the work is to identify families of malware and act on apps at scale.

• You will be responsible for developing static and dynamic signatures for mobile code, binaries, and executable code leading to the detection of a variety of threat types including malware, potentially unwanted programs (PUPs) and advanced persistent threats.

• Additionally, you will identify weaknesses in detections and automations and make recommendations for improvements in the detection process and automation pipeline.

• You are required to write complex reports for consumption of non-technical audiences, review peer reports and assist with investigations.

Requirements:

· Hands on Experience with the following:

· Analyzing, unpacking, and reverse engineering code of malicious applications or SDKs.

· Static and Dynamic Analysis Techniques

· Reverse Engineering tools such as Jadx, Ghidra, Frida, IDA Pro, Burp, to perform binary and APK analysis

· Java, Kotlin, JavaScript, Flutter, and other mobile software languages

· ELF (Native Binaries) reverse engineering

· Query languages such as SQL

· Understanding of the following topics

· Android Fundamentals such as Android activity lifecycles, common Android API usage, AOSP, and how an android application is created.

· Java and/or Kotlin Programing Language

· Techniques utilized by malicious software to harm the user’s device or their data

· Mobile App store policies (Ads, PHAs, Developer, etc.)

· Ability to read, comprehend and analyze source code

Additional:

· Development of signatures (Yara, etc.)

· Research on threats such as APT using Open-Source Intelligence (Virus Total, Web, ExploitDB, MITRE, etc.)

· In depth knowledge of security engineering and analysis topics, computer and network security, cryptography, authentication security, rooting, packing, network protocols and interception

Nice to Have:

· Experience with Vulnerability Analysis or security code review

· Android Software Development Experience

· Background / Familiarity with Google Ads or Content moderation

· Participation in a Capture the Flag (CTF) for Mobile software

· Pen testing, Blue Team, and/or Red Team experience

Professional Experience and Education

Required/Preferred:

Associates/Bachelor’s Degree/master’s in computer science, Computer engineering, CS, or information systems, or related discipline.

Atleast 2 years of hands on Android and reverse engineering