Project overview
About the Role The Android Malware Reverse Engineers will conduct reverse engineering, security assessments, and code reviews. They will conduct and assist with complex de-compilation, unpacking, code review, and malicious mobile software reviews. The goal of the work is to identify families of malware and act on apps at scale. Key Responsibilities Develop static and dynamic signatures for mobile code, binaries, and executable code leading to the detection of a variety of threat types including malware, potentially unwanted programs (PUPs), and advanced persistent threats. Write complex reports for consumption by non-technical audiences, review peer reports, and assist with investigations. Identify weaknesses in detections and automations and make recommendations for improvements in the detection process and automation pipeline. Qualifications/Requirements Hands-on Experience with the following: Review malicious applications and SDKs by analyzing, unpacking, and reverse engineering software that compromises Android devices. Static and Dynamic Analysis Experience with ELF (Native Binaries) reverse engineering Experience with Java, Kotlin, JavaScript, Flutter, and other mobile software languages Experience with Reverse Engineering tools such as Jadx, Ghidra, Frida, IDA Pro, Burp, to perform binary and APK analysis Code reviews for security policy violations, vulnerabilities, or improper coding practices Understanding of the following topics: Java Programming Language Techniques utilized by malicious software to tamper with user devices and make removal more difficult. Android Security Topics Mobile App store policies (Ads, PHAs, Developer, etc.) Ability to read, comprehend, and analyze source code software Additional: Development of signatures (Yara, etc.) Familiarity with Google Ads or Content moderation is an added bonus Research on threats such as APT using Open-Source Intelligence (Virus Total, Web, ExploitDB, MITRE, etc.) In-depth knowledge of security engineering and analysis topics, computer and network security, cryptography, authentication security, rooting, packing, network protocols, and interception Experience with Vulnerability Analysis Android Development Capture the Flag in Mobile software Professional Experience and Education: Associates/Bachelor’s Degree/master’s in computer science, computer engineering, CS, or information systems, or related discipline.