Mobile Security Research Engineer
NowSecure offers a platform that protects users, devices, apps, and enterprises. We are proud to have 100+ customers that include some of the largest banks and corporations across industries such as finance, defense and healthcare.
We were founded with a mobile focus and strong DNA in forensics and enterprise security. Our dedication to mobile enables us to channel our resources and expertise to make our customers successful. Members of our team are deeply technical. We have authored five books on mobile security for Android and iOS and are very proud of our open source contributions and projects including Frida and Radare. Our engineers and researchers believe in creating conversations and supporting the community.
Who you are:
This exciting role sits at the intersection of reverse engineering, vulnerability research, and software engineering. The ideal candidate has a firm command of mobile security tools, a knack for developing their own new capabilities, and is comfortable applying static and dynamic program analysis techniques to mobile security challenges. This candidate enjoys researching new security vulnerabilities and mitigations. While a great reverse engineer, you also enjoy writing software and take pride in your craftsmanship and ability to think about design, and system architectures from both the reverse and forward engineering perspectives.
The candidate should feel comfortable performing mobile security assessments and be deep in at least one area of the OS stack. This is a technical position that presents opportunities to do research, present at conferences, and offers career advancement. The candidate should feel comfortable working at a company focused on applied research and product development. This candidate is driven by curiosity and a desire to understand systems at the most fundamental levels.
Members of our R&D team have presented at DefCon, Black Hat, and RSA Conference, to name a few.
Role description:

• Understand the strengths and weaknesses of security related to mobile apps, devices and operating systems.
• Deep technical understanding of at least one mobile platform (iOS or Android)
• Utilize "hacking" and pen testing techniques to target mobile apps and web services, and test their security
• Capable of understanding and adapting large code bases of existing tools or functionality to meet specific requirements or for proof of concept development
• Examine transmitted and stored data for personally identifiable information (PII) and/or mobile application artifacts
• Identify new vulnerabilities and ideate on key strategies for detection and remediation of known software vulnerabilities
• Continuously monitor the state of the mobile security industry with an eye towards innovation
• Work within our R&D team and across NowSecure to assure continuous upgrades to existing offerings and the development of new cutting-edge mobile security solutions
• Work in a flat, agile, and expedited project structure

Experience we're looking for:

• Understanding of mobile security techniques and fundamentals
• Proficiency in more than one programming language including high-level (TypeScript, JavaScript, Python and/or Node.js) and low-level system languages (C/C++/Rust)
• Familiarity with exploit development, writing fuzzers and ideation of attack vectors
• Experience with reverse engineering, especially mobile apps and ARM CPUs
• Bachelor's Degree in Computer Science, Computer or Electrical Engineering, or equivalent experience
• Strong communication skills and a high level of professionalism
• Fluency in written and spoken English
• Ability to work independently and with a team
• Comfortable working with remote teams

What we offer:

• Competitive Salary
• Comprehensive Medical/Dental/Vision coverage
• Flexible spending account.
• 401k with employer match
• Unlimited PTO

Department: Research
Location: Remote
FLSA Class: Exempt
Supervisor: Director of Research
Supervision Exercised: None
Travel Requirements: 0-5% for occasional business needs
Environmental Conditions
Work Environment - Normal office environment and/or home office workspace. Generally similar environment when visiting Company's customer offices.
Strength Guidelines - Employee will be expected to lift, move and carry 10-15 lbs in the normal scope of work.
Motion Parameters - Employee will be expected to sit for long periods of time with the option to stand or walk (stretch). Employee may need to bend or squat when picking up items from the floor. Employee must have ability to type on a computer keyboard.
Vision and Hearing Requirements - Employee must be able to see a computer screen, read internal and external reports and summaries. There is a normal amount of background noise in the office environment. Employee must be able to see and hear video conferencing tools.
Emotional Demands - Employee must be able to understand, react and respond to quick decisions, must be able to read and write with a high level of grammar skill including the ability to read, understand and interpret technical information and data. On occasion, employee may have to speak publicly in company meetings and/or company-led presentations, training and seminars.
Information Security Responsibilities

• Employee must follow all applicable policies in the Information Security Handbook, Master Information Security Policy and sub-policies, standards and procedures which are generally available to Employee.
• Employee must maintain security of login credentials and information assets, and follow Data Classification policy regarding labeling and handling of Company data.
• Employee must report any security incidents pursuant to the Incident Response policy
• Employee must support information risk assessments, internal and external information security audit functions
• Employee must complete security training during on-boarding process and other times when arranged by the Company, and maintain any certifications as required