Android Security Engineer

Piper Companies is seeking an Android Security Engineer to support a leading Global Security Software Company. The Android Security Engineer will conduct and assist with reverse engineering, security assessments, and code reviews. The goal of this work is develop static and dynamic signatures for mobile code that detects application user threats including malware and PUPs. Applicants must be willing to go onsite a minimum of 3 days per week in Bothell, Washington.

Responsibilities of the Android Security Engineer Include:

• Reverse engineering and assessing risk and user harm from potentially harmful applications
• Conducting static and dynamic analysis
• Providing assessment and evidence to support findings
• Assessing detection and analysis gaps as well as scalable enforcement through detection rules

Qualifications for the Android Security Engineer Include:

• Reverse Engineering Fundamentals:
  • Static Analysis - decompilation, dissasembly, code auditing
  • Dynamic Analysis - debugging monitoring, fuzzing
  • Sample Tools - IDA Pro, Ghidra, Radare2, Jadx, Fernflower, Smali, Baksmalu, ADB, JDWP, Android studio, bluestack, Frida, Wireshark, Cyberchef. HTTP interception, Yara, Snort
• Programming (Java/Kotlin, Scripting, Javascript, Encode/Decode, encryption and decryption)
• Android fundamentals (permissions, Manifest, Entry points, Broadcast receivers, exported activities, services, subclasses, Dalvik/ART Virtual machine)

Compensation of the Android Security Engineer Includes:

Salary: $125,000 - $170,000 -- $60/hr - $81/hr

Comprehensive benefits: Medical, Dental, Vision, 401K, PTO, Sick Leave if required by law, and Holidays

This job opens for applications on 1/14. Applications for this job will be accepted for at least 30 days from the posting date.

Keywords: #LI-RL1

Java, kotlin, python, encode, decode, base64, scripting, cryptography, encryption, decryption, Android, Apps, Applications, permissions, Manifest, entry points, broadcast receivers, exported activities, services, subclasses, dalvik, art virtual machine, frameworks, flutter, xamarin, unity, static analysis, decompilation, bytecode, machine code, dissasembly, code auditing, vulnerabilities, security flaws, malware, pups, debugging, monitoring, system calls, network traffic, fuzzing, data analysis, data extraction, database, files, network traffic, data mining, decompile, IDA Pro, Ghidra, Radare2, Jadx, Fernflower, smali, baksmali, adb, jwdp, bluestack, Unicorn qemu, android studio, tcpdump, wireshark, frida, cyberchef, webscarab, burpsuite, http toolkit, yara, semgrep, snort, linux, unix, web application penetration testing, penetration testing, mobile forensics, binary analysis, malware analysis, CTF, hackin the box, reverse engineering, RE, Reverse Engineering, Android, Engineer, Mobile, Researcher  Both