Mobile software security penetration testers
Brightsight is the number one independent security lab in the world. We are expanding our mobile software security team to keep offering high-quality security evaluation services to the world’s leading OEMs and mobile device application and solution developers.
Mobile devices are ubiquitous in everyday life. They provide our modern society with an endless range of applications and advantages. Some of these mobile devices, however, are used to handle sensitive information such as personal, financial or even medical data. Such data needs to be adequately secured and protected.
We are looking for Mobile Software Security Evaluators. We will not only consider skilled individuals with years of experience with software security for mobile devices, but also recent graduates seeking to start a successful professional journey. Above all, we want people who are passionate about software security.
WHAT ARE YOU GOING TO DO?
You will be part of a multidisciplinary team of international experts evaluating the security of cutting-edge mobile device solutions. Some examples of solutions you will be testing are mobile payment, content protection and user authentication.
You will thoroughly test the security of software-based security implementations of mobile and other connected devices, specifically on platforms such as Android or iOS. This includes executing practical penetration testing to identify potential vulnerabilities. For this, you will work in our state-of-the-art laboratory to instrument code binaries using advanced reverse engineering techniques and investigate the extent to which the security protections can be circumvented.
You will also participate in R&D projects in the context of mobile software-based security by developing and replicating new attacks, increasing the efficiency of the evaluations, etc.
- Hands-on mentality, with experience in ethical hacking/security penetration testing and an interest in mobile applications (Android, iOS)
- Software Security BS degree or higher (MSc, PhD) in Computer Science, or disciplines such as Electronics, Physics or Mathematics, or proven work experience as a mobile penetration tester
- Teamwork mentality, as you’ll work closely with colleagues on projects, with the ability to work independently
- Good knowledge of mobile platform environments, such as Android, embedded Linux or iOS, and their security principles and related coding languages (Java, C, C++, assembly, Python)
- Minimum of 2 years of work-related experience with reverse engineering, mobile penetration testing of mobile applications and/or embedded systems
- Understanding of mobile application internals, APKs, Java Native Interface, Linux kernel
- Knowledge of techniques, standards and state-of-the-art capabilities for authentication, cryptography, security vulnerabilities and countermeasures is highly desired
- Knowledge of tools used for software reverse engineering analysis, including disassemblers, debuggers, run-time analysis tools, virtualization-based tools and instrumentation
- Working knowledge of ARM assembly language
- Experience with Android / iOS
- Familiarity with TEE and OS architecture
- Familiarity with cryptography
- Experience with communication protocols
- Experience with crash analysis
- Experience with IDA Pro or similar reverse engineering tools
Collaborate with team members, and have a can-do attitude and the ability to work with changing priorities.
IDA Pro, Frida, Android, iOS, reverse engineering, penetration testing, Binary Ninja, radare, QEMU.
Why work for Brightsight?
Brightsight is the number one independent security evaluation lab in the world. We have over 30 years of experience in evaluating security products against a variety of requirements.
At Brightsight you will:
- Be part of a multicultural team with highly motivated colleagues from all over the world
- Work for the recognized global leader in security evaluations
- Work with all major developers on their latest innovations
- Enjoy an informal and intellectually challenging work environment