Trellix is a global company redefining the future of cybersecurity. They are seeking highly skilled Android App and SDK Reverse Engineers to analyze and deconstruct Android applications and SDKs to identify potential security risks and gain insights into their underlying functionality.
Responsibilities:
- Conduct in-depth analysis of Android applications and SDKs to understand their codebase, architecture, functionality and to identify potential risks
- Employ advanced reverse engineering techniques to extract information from various codebases, including decompilation, disassembly, and debugging
- Identify user and device risk, data leakage, and malicious code execution within Android apps and SDKs
- Gather, analyze and report threat intelligence related to Android malware, exploits, and emerging security trends
- Collaborate with security researchers, developers, and other stakeholders to share findings, provide recommendations, and contribute to the development of secure applications and a secure ecosystem
Requirements:
- A minimum of 3 - 5+ years of expertise in one or more of the following: Android Development, Reverse Engineering, Pentesting, Application Security Assessments, Capture the Flag (CTF)
- Hands-on experience with analyzing, unpacking, and reverse engineering code of malicious applications or SDKs
- Static and Dynamic Analysis Techniques
- Reverse Engineering tools such as Jadx, Ghidra, Frida, IDA Pro, and Burp to perform binary and APK analysis
- Java, Kotlin, JavaScript, Flutter, and other mobile software languages
- ELF (Native Binaries) reverse engineering
- Development of signatures (SQL, YARA, etc.)
- An understanding of Android Fundamentals such as Android activity lifecycles, common Android API usage, AOSP, and how an Android application is created
- Techniques utilized by malicious applications to harm the user's device or their data
- Mobile App store policies (Ads, PHAs, Developer, etc.)
- Network traffic analysis; security fundamentals
- Research on threats such as APT using Open-Source Intelligence (VirusTotal, Web, ExploitDB, MITRE, etc.)
- Encoding and Cryptography
- Authentication mechanisms and security
- Device rooting
- Complex frameworks and application packers