Malware Security Engineer
Bothell, WA
Job Id: 136917
Job Category:
Job Location: Bothell, WA
Security Clearance: None
Business Unit: Piper Companies
Division: Piper Enterprise Solutions
Position Owner: Ryan Lucas
Piper Companies is seeking a Malware Security Engineer to support a leading Global Security Software Company. The Malware Security Engineer will conduct and assist with reverse engineering, security assessments, and code reviews. The goal of this work is to develop static and dynamic signatures for mobile code that detect application user threats, including malware and PUPs. Applicants must be willing to go onsite a minimum of 3 days per week in Bothell, Washington.
Responsibilities of the Malware Security Engineer Include:
- Reverse engineering Android SDKs to assess risk, user harm, and sensitive data collection
- Conducting static and dynamic analysis
- Providing an assessment with supporting evidence, and identifying tooling and process improvements
- Improving and developing scaled detection rules
Qualifications for the Malware Security Engineer Include:
- Reverse Engineering Fundamentals:
  - Static Analysis - decompilation, disassembly, code auditing
  - Dynamic Analysis - debugging, monitoring, fuzzing
  - Sample Tools - IDA Pro, Ghidra, Radare2, Jadx, Fernflower, Smali, Baksmali, ADB, JDWP, Android Studio, BlueStacks, Frida, Wireshark, CyberChef, HTTP interception, YARA, Snort
- Programming (Java/Kotlin, scripting, JavaScript, encoding/decoding, encryption and decryption)
- Android fundamentals (permissions, Manifest, entry points, broadcast receivers, exported activities, services, subclasses, Dalvik/ART virtual machine)
Compensation for the Malware Security Engineer Includes:
Salary: $125,000 - $165,000 -- $60/hr - $79/hr
Comprehensive benefits: Medical, Dental, Vision, 401K, PTO, Sick Leave if required by law, and Holidays
This job opens for applications on 1/14. Applications for this job will be accepted for at least 30 days from the posting date.