Threat Intelligence Researcher (Mobile Applications)

at Jobot
Published November 24, 2020
Location Los Angeles, CA
Category Default  
Job Type Full-time  

Description

Research the latest vulnerabilities and build solutions to protect against them!

This Jobot Job is hosted by: Jasper Posner
Are you a fit? Easy Apply now by clicking the "Apply on company site" button and sending us your resume.
Salary: $130,000 - $160,000 per year

A bit about us:

THIS IS A 100% REMOTE POSITION AVAILABLE TO CANDIDATES IN THE UNITED STATES, CANADA AND THE UNITED KINGDOM

We are a rapidly growing, profitable B2B Software company with multiple product lines including Application Security, BlockChain, and Mobile Apps. Our growing customer list includes Fortune 500 Companies, iconic brands, and growing start-ups. We have offices in Downtown Boston, San Francisco, Atlanta, Dallas, London, and Tokyo. We foster a collaborative and inclusive work culture that has resulted in employee retention rates and average tenures well above the industry standard. At this time, we have new products on our road map and are hiring additional Software Engineers to help us bring them to market. If you're a Security Research Software Engineer who enjoys a collaborative work environment and taking new products from the drawing board to release, please read on!

Why join us?

Besides all the challenging and exciting work in the security research and application development space you'll be doing, we also treat you well financially.

WHAT'S IN IT FOR YOU

  • Competitive Salary, bonus, and equity
  • A high degree of autonomy, ownership, and impact working with cutting edge technology
  • Fully sponsored benefits including health, dental, commuter benefits
  • Company-sponsored 401k program
  • Paid time off, vacation, parental leave, etc.

Job Details

This is not an on-call, incident response position. The work is structured and generally, has standard work hours. Also, it’s not network or systems focused. Instead, it is a software application focused. Sometimes, you will be determining the methodology of a known attack on an application. Other times, you will be identifying how you would attack a piece of software in order to create a defense for it. You will be an advocate for the best practices of software protection and coding practices that support it. This requires fluent knowledge of a diverse set of operating systems, processor architectures, and application stores.

As a Security Research Engineer, your work will fall into 3 buckets:

1. 50% of your time: General research of existing and emerging threats to software applications in the mobile, desktop, mobile web, web, Linux and windows domains, vulnerabilities, and techniques used to exploit them. Further, you will research and develop solutions and strategies to prevent the types of attacks that your research identifies.

2. 30% of your time: Advising various Software Engineering teams (some working on existing products and others working on new products) about your research such that they can develop architecture and features to prevent attacks based upon your research.

3. 20% Post Incident Response: If one or more of our customers experience a breach, you’ll reverse engineer the attack and develop solutions to prevent similar future attacks. You’ll share your research with the Software Engineering team and assist them in testing if they’ve solved the issues.

Responsibilities:

  • Research the latest attack tools and techniques for (Mobile, Web, Desktop)
  • Research the current state of iOS Jailbreaks and Tweaks
  • Research the current state of Android rootkits and Malware
  • Analyze software applications at the instruction and data flow level
  • Identify and report on attack methodology, including but not limited to:

•Patching of Data and Instructions
•OS Modification (Substrates)
•Code Injection, Hooking or Redirection
•Debugging and Disassembly Tools

  • Network monitoring and manipulation
  • Attacks on Cryptography
  • Produce best practices to avoid creating software vulnerable to attacks
  • Prototype techniques of detection, obfuscation, and protection
  • Shape the next generation of protection technologies

Requirements:

  • Hands-on experience and expertise in reverse engineering attacks on software (especially mobile apps)
  • Expertise using Kali Linux and various took kits including IDA Pro, Hopper, etc.
  • Fluent knowledge of Cryptographic Attacks
  • Fluent in iOS & Android internals
  • Fluent in Web Application Security
  • Fluent in OWASP top 10
  • BS, Computer Science or equivalent relevant experience or background
  • Fundamental understanding of:

•Cryptography
•Computer architecture
•Mobile operating systems

  • Solid verbal and written communication skills in English
  • Ability to work collaboratively in an Agile distributed environment

Strong Plusses:

  • Ability to code in C/C++, Python, JavaScript, or other scripting languages
  • Knowledge of Processor Architectures
  • Fundamental understanding of Network Security Concepts

Having read this ad, please apply now if you feel you may be a fit. Interviews are ongoing.

Interested in hearing more? Easy Apply now by clicking the "Apply on company site" button.