Android Security Engineer

Role Overview

We are looking for a highly skilled Android Reverse Engineer (Mid/

Senior Level) with a strong background in Android internals, reverse

engineering, and mobile application security. You will be responsible

for dissecting Android apps and SDKs, identifying potential security

risks, and providing actionable insights to strengthen mobile

ecosystem security.

This position requires hands-on experience in reverse engineering,

malware analysis, static/dynamic analysis, and tool development —

along with an analytical mindset and a passion for understanding how

complex mobile software works under the hood.

Key Responsibilities

Reverse Engineering & Code Analysis:

Perform in-depth static and dynamic analysis of Android applications

and SDKs (including obfuscated and packed binaries).

Utilize tools such as Ghidra, Jadx, IDA Pro, Frida, Burp Suite,

Objection, and Xposed to reverse engineer APKs and native libraries

(ELF binaries).

Analyze app logic, SDK integrations, and network behaviors.

Threat & Risk Assessment:

Identify data leaks, malicious code, privacy violations, and potential

exploitation vectors in mobile apps and SDKs.

Assess Android apps for compliance with Google Play policies and

general mobile security best practices.

Tooling & Automation:

Develop and maintain custom tools, scripts, and frameworks to automate

static/dynamic analysis, unpacking, and threat detection workflows.

Write signatures (e.g., YARA, Sigma) and contribute to internal

knowledge bases and detection systems.

Research & Intelligence Gathering:

Monitor emerging Android security threats, malware families, and

exploit techniques.

Utilize OSINT sources such as VirusTotal, ExploitDB, MITRE ATT&CK, and

security research communities to stay current.

Collaboration & Reporting:

Work closely with security researchers, engineers, and developers to

communicate findings and recommend remediation strategies.

Produce detailed technical reports, PoCs, and summaries for internal

or client-facing use.

Continuous Learning:

Keep abreast of Android OS updates, new security controls, and

evolving attacker methodologies.

Participate in CTFs, security challenges, or vulnerabili

y research to

enhance skills.

Required Skills & Experience

Core Technical Expertise:

3–5+ years of hands-on experience in Android reverse engineering,

application security, or mobile malware analysis.

Strong knowledge of Android internals, AOSP, app architecture, and

Android security model.

Experience analyzing and reverse engineering malicious applications or

SDKs.

Proficiency in static and dynamic analysis using tools such as Jadx,

Ghidra, IDA Pro, Frida, Objection, and MobSF.

Familiarity with native library (ELF) analysis and ARM/ARM64 assembly.

Solid understanding of Java, Kotlin, C/C++, and JavaScript (bonus:

Flutter/Dart).

Working knowledge of network traffic analysis, interception proxies

(Burp, mitmproxy), and protocol decoding.

Understanding of SQL, cryptography fundamentals, authentication, root

detection, anti-debugging, and packing/unpacking mechanisms.

Security Knowledge:

Knowledge of malware techniques, exploitation methods, and mobile

security frameworks (OWASP MASVS, MSTG).

Familiarity with threat intelligence and analysis of APT-related

malware.

Ability to develop custom detection logic, including YARA rules and

heuristic signatures.

Nice-to-Have Skills

Experience in vulnerability research, exploit development, or security

code review.

Hands-on Android app development experience (Java/Kotlin).

Background in AdTech SDK analysis or content moderation systems.

Participation in CTFs or bug bounty programs related to mobile

security.

Knowledge of Google Play security and developer policies.

Familiarity with pentesting methodologies, Red/Blue Team operations,

or forensics.

Education & Professional 

Education & Professional Background

Required:

3–5+ years of relevant experience in Reverse Engineering, Android

Security, or Application Penetration Testing.

Preferred:

Bachelor’s/Master’s degree in Computer Science, Computer Engineering,

Information Security, or a related discipline.

Demonstrated contributions to open-source reverse engineering tools,

malware analysis research, or technical security blogs.

Tools & Technologies (Practical Knowledge Expected)

Reverse Engineering Tools: Jadx, Ghidra, IDA Pro, Frida, Objection,

MobSF, Apktool, JADX, Androguard

Debugging/Tracing: ADB, LLDB, gdb, strace, ltrace

Static/Dynamic Analysis: Hopper, Radare2, JEB, Bytecode Viewer

Networking: Burp Suite, mitmproxy, Wireshark

Scripting Languages: Python, Bash, PowerShell

OSINT & Threat Intel: VirusTotal, Hybrid Analysis, MITRE ATT&CK,

Malpedia