Android Vulnerability Researcher

Location: Columbia, Maryland
Date Posted: 07-20-2017
Job Description:
We are looking for a Senior Android Vulnerability Researchers for our Device Inspection and Analysis Lab in Columbia, MD. Our work is complex and engaging. We provide time to do Research and Development to increase your knowledge. We make sure our engineers have the environment and tools they need to get the job done. Our Android Vulnerability Researchers analyze mobile devices to understand how they work and how they behave when they break. We are involved with both Red and Blue Team solutions. Many of our engineers spend time taking systems apart, writing tools to augment COTS tools, audit software, and chase issues down the rabbit hole. You might write C or Java code as part of your day.
Headquartered in Columbia, MD, Tresys Technology ( innovates and applies advanced technologies to solve the high-security requirements. Our in-depth solutions are vital to helping defense, intelligence, federal civilian agency and critical infrastructure customers meet ever-evolving cyber-security threats. Our Device Inspection and Analysis Lab focuses on Mobile Device Security.

Required Skills:
  • Experience with Java, C or C++
  • Deep understanding of Android Internals
  • Knowledge of common vulnerability classes (Overflows, Use after free, Race conditions)
Desired Skills:
  • Knowledge of Android kernel subsystems (binder, ashmem, drivers)
  • Knowledge of Android userspace subsystems (framework, zygote, services)
  • Knowledge of Android security including SELinux.
  • Knowledge of Android TrustZone subsystems (TEE)
  • Linux kernel internals
  • Knowledge of Linux operating systems at all layers (boot, kernel space, user space).
  • Experience reading or writing ARM assembly
  • Familiarity with Webkit, V8, and Chrome IPC internals
  • Android native code (Binder, JNI)
  • Experience using debuggers such as WinDBG, DDMS, gdb
  • Experience developing embedded systems
  • Experience using reverse engineering tools such as IDA Pro, HexRays, Binary Ninja, or objdump
  • Understanding of network protocols (TCP/IP stacks, RF communications, routing protocols, or others).
  • Understanding of exploit mitigations such as DEP and ASLR
  • Certified Ethical Hacker (CEH) certification, or comparable certification.
Foundational Requirements:
  • BS degree in computer science, computer engineering, or related field and 2 years’ experience. Candidates with at least 4 years of strong related work experience will also be considered.
  • At least 5 years of Android Device Testing experience
  • Current DoD Secret Clearance is required due to government contracts.
Our Product Security Analysis Solutions Group is growing rapidly. Here is what our Engineers say about the environment:
“I genuinely enjoy being on a small team that embraces innovation, tinkering, and problem solving. It's a great opportunity to stay up to date on the latest technologies and mobile devices."
"Project management actively encourages the team to explore new areas of research and is always open to suggestions on where to go next.”

Innovative Security Solutions is Our Business.
Valuing People is our Culture.

this job portal is powered by CATS