Security Engineer

Project Role : Security Engineer
Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats.
Must have skills : Product Security
Good to have skills : Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST)
Minimum 3 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary: As a Security Sr Analyst specializing in Android Malware Reverse Engineering, you will be responsible for in-depth analysis of Android applications to identify data exfiltration, malware, and security breaches. Your daily activities will involve both Static Application Security Testing SAST and Dynamic Application Security Testing DAST using industry standard and open-source tools, with detailed documentation of your findings. Roles & Responsibilities: • Performing Reverse engineering using static SAST and dynamic DAST Methodologies on a high volume of Android applications and SDKs to proactively identify malware, spyware, trojans, and other security threats. • Deconstruct and analyze malicious code at scale by reverse engineering DEX files and native libraries to uncover sophisticated attack techniques, tampering methods, and data exfiltration mechanisms. • Independently investigate, triage, and resolve security escalations from both internal and external sources, ensuring timely and effective threat response. • Reverse-engineer to uncover sophisticated Android threats such as spyware, banking trojans, rootkits, and RATs to fully understand their functionality, command-and-control C2 protocols, and data exfiltration methods. • Identify and analyze emerging threats, new malware trends, and potential attack vectors targeting the Android ecosystem. • Create clear, accurate, and detailed reports documenting analysis findings, malicious behaviors, and recommended remediation steps for technical and non-technical stakeholders. • Provide proactive input and creative ideas to enhance team workflows, tooling, new detections, collaborate with the SMEs in creating and enhancing the detection mechanism and overall operational efficiency. Professional & Technical Skills: • A strong background in Application Security a prior role focused specifically on Android malware analysis. • A solid understanding of the Android threat landscape and Potentially Harmful Application PHA classifications is highly desirable. • Deep understanding of the Android OS, application lifecycle, and Dalvik bytecode smali. Must have strong proficiency in reading source code in Java and Kotlin. • Exposure to JavaScript, Flutter & Query languages such as SQL • Experience with scripting languages Python, Bash. • Proficiency in reading and analyzing ARM or x86 assembly language to dissect native libraries ELF files and identify malicious functionality. • Proven ability to manually de-obfuscate code, analyze complex algorithms, and reverse-engineer proprietary network protocols to determine the full intent and capability of a threat. • Demonstrated ability to independently solve complex technical challenges and analyze novel or undocumented malware techniques. • Hands-on mastery of industry-standard tools like IDA Pro and Ghidra, including the ability to write scripts IDA Python, Ghidra Script to enhance analysis. • Advanced experience with dynamic analysis tools, particularly Frida, for runtime manipulation, hooking, and tracing application behavior. • Proficiency with static analysis tools like Jadx JEB and network traffic analysis tools like Burp Suite or Wireshark. Additional Information: • The ideal candidate will have a minimum of 4+ years of experience in Android Malware reversing experience. • B.Tech, M.Tech, MCA, or B.Sc. in Computer Science or a related field. A 15-year full time education is required • Location is Hyderabad or Bangalore