Trellix is hiring a Solution Consultant specializing in Android reverse engineering. You will analyze and deconstruct Android applications and SDKs to identify potential security risks and gain critical insights into their underlying functionality.
What You'll Do
- Conduct in-depth analysis of Android applications and SDKs to understand their codebase, architecture, and functionality.
- Employ advanced reverse engineering techniques, including decompilation, disassembly, and debugging, to extract information.
- Identify user and device risk, data leakage, and malicious code execution within Android apps and SDKs.
- Gather, analyze, and report threat intelligence related to Android malware, exploits, and emerging security trends.
- Collaborate with security researchers, developers, and other stakeholders to share findings and contribute to secure application development.
What We're Looking For
- Minimum of 3 to 5+ years of expertise in Android Development, Reverse Engineering, Pentesting, Application Security Assessments, or Capture the Flag (CTF).
- Hands-on experience analyzing, unpacking, and reverse engineering code of malicious applications or SDKs.
- Experience with Static and Dynamic Analysis Techniques.
- Experience with reverse engineering tools such as Jadx, Ghidra, Frida, IDA Pro, and Burp to perform binary and APK analysis.
- Experience with Java, Kotlin, JavaScript, Flutter, and other mobile software languages.
- Experience with ELF (Native Binaries) reverse engineering.
- Experience with development of signatures (SQL, Yara, etc.).
Nice to Have
- Understanding of Android Fundamentals such as activity lifecycles, common Android API usage, AOSP, and application creation.
- Understanding of techniques utilized by malicious applications to harm a user’s device or data.
- Understanding of Mobile App store policies (Ads, PHAs, Developer, etc.).
- Understanding of Network traffic analysis and security fundamentals.
- Experience with research on threats such as APT using Open-Source Intelligence (Virus Total, Web, ExploitDB, MITRE, etc.).
- Understanding of Encoding, Cryptography, and Authentication mechanisms.
- Understanding of Device rooting, complex frameworks, and application packers.
Technical Stack
- Jadx, Ghidra, Frida, IDA Pro, Burp
- Java, Kotlin, JavaScript, Flutter
Benefits & Compensation
- Retirement Plans
- Medical, Dental and Vision Coverage
- Paid Time Off
- Paid Parental Leave
- Support for Community Involvement
Trellix is an equal opportunity employer. We believe the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where everyone can bring their authentic selves to work.
