Vulnerability Researcher

About This Role<br /> We are seeking a talented Vulnerability Researcher or Exploit Engineer to join our security research<br /> team. This role focuses on discovering, analyzing, and demonstrating vulnerabilities in mobile platforms<br /> (Android, iOS) and desktop operating systems (Windows). You will contribute to the development of<br /> advanced security capabilities while working with cutting-edge tools and techniques in vulnerability<br /> research, reverse engineering, and exploitation. Successful candidates will have demonstrable<br /> expertise in at least one of our target platforms and a strong foundation in security principles.<br /> <br /> <strong>CORE RESPONSIBILITIES</strong><br /> • Conduct security research on mobile (Android, iOS) and desktop (Windows) platforms to identify<br /> novel vulnerabilities and attack surfaces<br /> • Develop proof-of-concept exploits and technical demonstrations of discovered vulnerabilities<br /> • Perform reverse engineering and binary analysis on platform code and third-party applications<br /> • Analyze platform architecture, system libraries, and kernel components to understand security<br /> mechanisms<br /> • Document findings with technical depth, including vulnerability chain analysis and impact<br /> assessment<br /> • Contribute to the development of automated tools and frameworks for vulnerability discovery and<br /> exploitation<br /> • Collaborate with cross-functional teams to understand customer requirements and technical<br /> constraints<br /> • Stay current with platform updates, security patches, and emerging vulnerability classes<br /> <br /> <strong>QUALIFICATIONS</strong><br /> Required<br /> • Hands-on experience with at least one of the following platforms: Android, iOS, or Windows<br /> • Strong understanding of operating system internals (kernel architecture, process management,<br /> memory management, IPC mechanisms)<br /> • Proficiency in reverse engineering tools and techniques (debuggers, disassemblers, binary<br /> instrumentation)<br /> • Experience with one or more programming/scripting languages (C, C++, Python, JavaScript,<br /> Java, or assembly)<br /> • Familiarity with common vulnerability classes and exploitation techniques (memory corruption,<br /> logic flaws, permission bypass, etc.)<br /> • Ability to communicate technical findings clearly in writing and through presentations<br /> • Experience working in a security-conscious environment with proper handling of sensitive<br /> vulnerability information<br /> • US citizen with ability to obtain government security clearance<br /> <br /> Preferred<br /> • Published security research, public vulnerability disclosures, or relevant conference presentations<br /> • Experience with mobile platform instrumentation and debugging (Frida, lldb, Android Studio<br /> debugger)<br /> • Expertise in wireless communications, messaging protocols (SMS, RCS, IMS), or network-level<br /> attack vectors<br /> • Proficiency with firmware analysis and hardware security concepts<br /> • Experience with malware analysis and threat research<br /> • Background in threat modeling and security architecture assessment<br /> • Experience developing automation tools for security research (test harnesses, instrumentation<br /> frameworks)<br /> • Current TS/SCI security clearance<br /> <br /> <strong>WHO THRIVES IN THIS ROLE</strong><br /> Skills and credentials matter, but the engineers who excel here share certain qualities that are difficult<br /> to teach and impossible to fake:<br /> • Comfort in chaos — you do your best work when requirements are incomplete, the environment is<br /> unfamiliar, and the answer is not obvious<br /> • Customer obsession with an engineering backbone — you care deeply about outcomes, and you<br /> have the technical depth to deliver them<br /> • Intellectual honesty — you tell customers and colleagues what is true, including when the honest<br /> answer is uncomfortable or inconvenient<br /> • Bias toward action — you make informed decisions quickly, execute, and adjust; paralysis under<br /> ambiguity is not in your vocabulary<br /> • Extreme ownership — you follow problems all the way to resolution, never stopping at the handoff<br /> • Builder instinct — when something does not exist that should exist, you build it; when something<br /> is broken, you fix it rather than file a ticket about it<br /> • Restless curiosity — you go deep on customer domains, not just your own product, because you<br /> understand that credibility is built on comprehension<br /> • Clear, confident communication — you can hold your own in a boardroom and equally in a<br /> terminal window; you adjust register without losing substance