8kSec Academy
8kSec Academy Reviews
Student Experiences That Inspire
Their Journey, In Their Words
Darius Swain
Senior Application Penetration Tester, BishopFox
Course: Practical Mobile Application Exploitation
The Practical Mobile Application Exploitation course is packed with valuable content that offers in-depth insights into mobile security architectures for both Android and iOS platforms. The material is comprehensive and well-structured, making it easy to grasp key concepts. One of the highlights of the course is its reverse engineering section, which is excellent. I gained hands-on experience with essential tools for memory patching and reverse engineering, and the practical approach made learning these techniques engaging and effective. Highly recommend this course for anyone interested in mobile security.
Mohammed Alshamsi
Cybersecurity Engineer, BeaconRed
Course: Offensive iOS Internals
As a recent researcher looking for ways to expand my knowledge, I was always on the lookout to find courses that may aid me in the better understanding of mobile security. Thus, I was recommended to take the Offensive iOS Internals course offered by 8ksec.io.
The course is well-structured and comprehensive, covering topics and modules that are essential for diving into the iOS security domain. Starting from teaching ARM64 architecture and the possible vulnerabilities to be found, to the details of a Mach-O binary headers.
The delivery method of the course was done very well, the instructor demonstrated his clear understanding of the course material by introducing complex topics and presenting them in an understandable and detailed fashion, while also providing real-life examples of recent exploits that help the students of the course grasp the creativity needed to succeed in this field.
Overall, I would highly recommend taking this course.
The course is well-structured and comprehensive, covering topics and modules that are essential for diving into the iOS security domain. Starting from teaching ARM64 architecture and the possible vulnerabilities to be found, to the details of a Mach-O binary headers.
The delivery method of the course was done very well, the instructor demonstrated his clear understanding of the course material by introducing complex topics and presenting them in an understandable and detailed fashion, while also providing real-life examples of recent exploits that help the students of the course grasp the creativity needed to succeed in this field.
Overall, I would highly recommend taking this course.
Raghvendra Singh
Software Security Architect,
Confidential
Confidential
Course: Offensive Mobile Reversing and Exploitation
The Offensive Mobile Reversing and Exploitation course by 8ksec Academy is the most comprehensive training I’ve taken in the mobile security space. It goes far beyond basic reversing—diving deep into ARM64 internals, Mach and Binder IPC mechanisms, and advanced exploit mitigations.
The modules on kernel security, rooting/jailbreaking, and reversing both apps and system binaries across iOS and Android were incredibly well structured. What stood out most was the hands-on approach to developing real exploit primitives, understanding post-exploitation techniques, and analyzing public exploits to build intuition. Debugging userland/system binaries and symbolication techniques were especially valuable.
If you’re serious about mobile vulnerability research—building and customizing mobile kernels, understanding bug classes like UaF and heap overflows—this is the course that will get you there.
The modules on kernel security, rooting/jailbreaking, and reversing both apps and system binaries across iOS and Android were incredibly well structured. What stood out most was the hands-on approach to developing real exploit primitives, understanding post-exploitation techniques, and analyzing public exploits to build intuition. Debugging userland/system binaries and symbolication techniques were especially valuable.
If you’re serious about mobile vulnerability research—building and customizing mobile kernels, understanding bug classes like UaF and heap overflows—this is the course that will get you there.
Kevin Montini
Cybersecurity Analyst,
Hakai Security
Hakai Security
Course: Practical Mobile Application Exploitation
I heard great recommendations about 8kSec’s training, led by highly experienced professionals who are well-respected in the mobile security field. The quality of the content stood out right away. I started following their blog posts, where the high technical level and detailed attack explanations became evident. From there, investing in the training was an easy decision. I have several years of experience in mobile app development and was transitioning into mobile offensive security. I had always been on the defensive side, finding ways to protect systems from attacks, but I needed a deeper understanding of how attackers structure their exploits. Through the Practical Mobile Application Exploitation training, I learned various techniques that walk through the entire attack chain, leading up to actual exploitation. It has made me a more well-rounded security professional with an expanded arsenal of offensive methods.
Igor Kharkov
Vice President, Penetration Tester Team Lead at Barclays
Course: Offensive Mobile Reversing and Exploitation
I am a professional penetration tester specializing in security assessments of banking applications on both iOS (iPhone) and Android platforms. My work involves identifying vulnerabilities, bypassing security controls, and ensuring robust protection for financial mobile apps.
8kSec’s Offensive Mobile Reversing and Exploitation training was highly recommended by Corellium Corp., and after completing the course, I can confidently say it exceeded my expectations. The training provided a comprehensive deep dive into mobile platform architecture, bridging the gap between theory and real-world security challenges.
Some of the most impactful aspects included: Reverse Engineering, Frida Scripting, and Platform Security Insights. The sessions were intense, interactive, and highly informative, with expert instructors who provided real-world attack scenarios.
The training significantly elevated my mobile pentesting skills, enabling me to conduct more thorough, detail-oriented assessments. The methodologies learned are now integral to my workflow, especially when assessing high-risk banking applications.
For security professionals—especially pentesters, red teamers, and mobile app developers— 8Ksec’s training is a must. The balance of theory, hands-on labs, and real-world applicability makes it one of the best investments in mobile security education.
8kSec’s Offensive Mobile Reversing and Exploitation training was highly recommended by Corellium Corp., and after completing the course, I can confidently say it exceeded my expectations. The training provided a comprehensive deep dive into mobile platform architecture, bridging the gap between theory and real-world security challenges.
Some of the most impactful aspects included: Reverse Engineering, Frida Scripting, and Platform Security Insights. The sessions were intense, interactive, and highly informative, with expert instructors who provided real-world attack scenarios.
The training significantly elevated my mobile pentesting skills, enabling me to conduct more thorough, detail-oriented assessments. The methodologies learned are now integral to my workflow, especially when assessing high-risk banking applications.
For security professionals—especially pentesters, red teamers, and mobile app developers— 8Ksec’s training is a must. The balance of theory, hands-on labs, and real-world applicability makes it one of the best investments in mobile security education.
Hardik Mehta
Lead Security Researcher,
Katim
Katim
Course: Offensive Android Internals
8ksec’s Offensive Android Internals course was recommended by a peer in the exploit development space, and it turned out to be one of the most advanced and practical Android trainings I’ve taken.
The course offers a rare blend of low-level internals and offensive tactics—covering everything from Binder abuse, SELinux bypasses, and Native Code Exploitation, to crafting advanced Frida hooks and system call hijacking.
What stood out most was the clarity of instruction, depth of content, and real-world context behind each attack vector. Each module is purpose-built to take you deeper into Android’s architecture, covering critical areas like Binder exploitation, SELinux bypasses, Frida internals, and native memory corruption techniques. Unlike many trainings that rely on unrealistic “crackme” binaries, this course focuses on real-world vulnerabilities and hands-on labs grounded in actual security challenges faced by professionals.
For serious Android hackers, exploit devs, or anyone looking to break the surface of Android internals, this course is an absolute gem.
The course offers a rare blend of low-level internals and offensive tactics—covering everything from Binder abuse, SELinux bypasses, and Native Code Exploitation, to crafting advanced Frida hooks and system call hijacking.
What stood out most was the clarity of instruction, depth of content, and real-world context behind each attack vector. Each module is purpose-built to take you deeper into Android’s architecture, covering critical areas like Binder exploitation, SELinux bypasses, Frida internals, and native memory corruption techniques. Unlike many trainings that rely on unrealistic “crackme” binaries, this course focuses on real-world vulnerabilities and hands-on labs grounded in actual security challenges faced by professionals.
For serious Android hackers, exploit devs, or anyone looking to break the surface of Android internals, this course is an absolute gem.
Sergei Shpakov
Senior Security Analyst
Course: Practical Mobile Application Exploitation
I'm currently enrolled in the Practical Mobile Application Exploitation (PMAE) program by 8ksec.
The course is delivered through video-based lessons that not only cover theory but also walk through practical examples in detail, which greatly enhances the learning process. I've previously completed other trainings such as OSCP and AWAE, but I find this learning approach more engaging and effective. A major plus is the one-year access to the course, allowing me to manage the lessons at a comfortable pace without compromising my work schedule.
This course is especially valuable for those who are new to mobile application security testing. The instructors provide a clear, step-by-step guide on how to prepare mobile devices for testing and walk through the assessment process in a structured manner.
Although I have extensive experience in mobile application testing, the course still offered me new insights—particularly hands-on experience with Corellium (having previously worked only with physical devices), working with lldb, and a deeper dive into Frida's capabilities.
In my opinion, this is one of the best mobile security course currently available on the market.
The course is delivered through video-based lessons that not only cover theory but also walk through practical examples in detail, which greatly enhances the learning process. I've previously completed other trainings such as OSCP and AWAE, but I find this learning approach more engaging and effective. A major plus is the one-year access to the course, allowing me to manage the lessons at a comfortable pace without compromising my work schedule.
This course is especially valuable for those who are new to mobile application security testing. The instructors provide a clear, step-by-step guide on how to prepare mobile devices for testing and walk through the assessment process in a structured manner.
Although I have extensive experience in mobile application testing, the course still offered me new insights—particularly hands-on experience with Corellium (having previously worked only with physical devices), working with lldb, and a deeper dive into Frida's capabilities.
In my opinion, this is one of the best mobile security course currently available on the market.
The Practical Mobile Application Exploitation course is packed with valuable content that offers in-depth insights into mobile security architectures for both Android and iOS platforms. The material is comprehensive and well-structured, making it easy to grasp key concepts. One of the highlights of the course is its reverse engineering section, which is excellent. I gained hands-on experience with essential tools for memory patching and reverse engineering, and the practical approach made learning these techniques engaging and effective. Highly recommend this course for anyone interested in mobile security.
Darius Swain
Senior Application Penetration Tester, BishopFox
As a recent researcher looking for ways to expand my knowledge, I was always on the lookout to find courses that may aid me in the better understanding of mobile security. Thus, I was recommended to take the Offensive iOS Internals course offered by 8ksec.io. The course is well-structured and comprehensive, covering topics and modules that are essential for diving into the iOS security domain. Starting from teaching ARM64 architecture and the possible vulnerabilities to be found, to the details of a Mach-O binary headersThe delivery method of the course was done very well, the instructor demonstrated his clear understanding of the course material by introducing complex topics and presenting them in an understandable and detailed fashion, while also providing real-life examples of recent exploits that help the students of the course grasp the creativity needed to succeed in this field.Overall, I would highly recommend taking this course.
Mohammed Alshamsi
Cybersecurity Engineer, BeaconRed
The Offensive Mobile Reversing and Exploitation course by 8ksec Academy is the most comprehensive training I’ve taken in the mobile security space. It goes far beyond basic reversing—diving deep into ARM64 internals, Mach and Binder IPC mechanisms, and advanced exploit mitigations. The modules on kernel security, rooting/jailbreaking, and reversing both apps and system binaries across iOS and Android were incredibly well structured. What stood out most was the hands-on approach to developing real exploit primitives, understanding post-exploitation techniques, and analyzing public exploits to build intuition. Debugging userland/system binaries and symbolication techniques were especially valuable. If you’re serious about mobile vulnerability research—building and customizing mobile kernels, understanding bug classes like UaF and heap overflows—this is the course that will get you there.
Raghvendra Singh
Software Security Architect, Confidential
I heard great recommendations about 8kSec’s training, led by highly experienced professionals who are well-respected in the mobile security field. The quality of the content stood out right away. I started following their blog posts, where the high technical level and detailed attack explanations became evident. From there, investing in the training was an easy decision. I have several years of experience in mobile app development and was transitioning into mobile offensive security. I had always been on the defensive side, finding ways to protect systems from attacks, but I needed a deeper understanding of how attackers structure their exploits. Through the Practical Mobile Application Exploitation training, I learned various techniques that walk through the entire attack chain, leading up to actual exploitation. It has made me a more well-rounded security professional with an expanded arsenal of offensive methods.
Kevin Montini
Cybersecurity Analyst, Hakai Security
I am a professional penetration tester specializing in security assessments of banking applications on both iOS (iPhone) and Android platforms. My work involves identifying vulnerabilities, bypassing security controls, and ensuring robust protection for financial mobile apps. 8kSec’s Offensive Mobile Reversing and Exploitation training was highly recommended by Corellium Corp., and after completing the course, I can confidently say it exceeded my expectations. The training provided a comprehensive deep dive into mobile platform architecture, bridging the gap between theory and real-world security challenges. Some of the most impactful aspects included: Reverse Engineering, Frida Scripting, and Platform Security Insights. The sessions were intense, interactive, and highly informative, with expert instructors who provided real-world attack scenarios. For security professionals—especially pentesters, red teamers, and mobile app developers— 8Ksec’s training is a must. The balance of theory, hands-on labs, and real-world applicability makes it one of the best investments in mobile security education.
Igor Kharkov
Vice President. Penetration Tester Team Lead at Barclays.
8ksec’s Offensive Android Internals course was recommended by a peer in the exploit development space, and it turned out to be one of the most advanced and practical Android trainings I’ve taken. The course offers a rare blend of low-level internals and offensive tactics—covering everything from Binder abuse, SELinux bypasses, and Native Code Exploitation, to crafting advanced Frida hooks and system call hijacking. What stood out most was the clarity of instruction, depth of content, and real-world context behind each attack vector. Each module is purpose-built to take you deeper into Android’s architecture, covering critical areas like Binder exploitation, SELinux bypasses, Frida internals, and native memory corruption techniques. Unlike many trainings that rely on unrealistic “crackme” binaries, this course focuses on real-world vulnerabilities and hands-on labs grounded in actual security challenges faced by professionals.
For serious Android hackers, exploit devs, or anyone looking to break the surface of Android internals, this course is an absolute gem
Hardik Mehta
Lead Security Researcher, Katim.
At 8kSec, we Empower businesses with Cutting-Edge Mobile Security Training, Pioneering Vulnerability research, and Innovative product offerings
Copyright © 2025
FEATURED LINKS
POLICIES
CONNECT WITH US
-
Twitter
-
LinkedIn
Live Trainings list:
Lead Application Penetration Tester*
A Cybersecurity Testing & Consulting Firm
$150,000 - $180,000 a year
Required Qualifications & Skills
- Bachelor’s degree in Computer Science, Software Engineering, or related field, or equivalent job experience
- Thorough security testing of developer workflows and mobile applications (iPhone and Android), including identification of security issues and vulnerabilities
- Proficiency in multiple programming languages and understanding of secure coding practices
- In-depth source code reviews to identify security flaws or weaknesses that could be exploited in software applications
- Detailed assessments and compilation of findings into reports for further review and action
- Experience with tools like Burp Suite Pro, Checkmarx, Corellium, Synopsys, Acunetix, VeraCode, SAST & DAST Tools, Plextrac, Cloud security (AWS / Azure / Oracle), Postman, SmartBear ReadyAPI, SoapUI, and Hashicorp Vault
Key Responsibilities
- Team Leadership: Lead and mentor penetration testers, ensuring high-quality security assessments
- Mobile & DevOps Security: Conduct security testing of mobile apps (iOS/Android) and integrate security into DevOps pipelines
- Code & Penetration Testing: Perform source code reviews and comprehensive web/mobile penetration testing
- Reporting & Collaboration: Document findings in detailed reports and collaborate with development teams for remediation
- Offensive Security: Execute red team exercises and offensive security operations
- Security Strategy: Develop and implement security testing strategies and best practices
- Global Collaboration: Work with global teams to secure applications
- Automation: Automate security testing within CI/CD pipelines
iOS Application Security Engineer*
A Cyber-Risk Consulting Firm
$150,000 - $200,000 a year
Required Qualifications & Skills
- Bachelor’s degree in Computer Science, Information Security, or a related field, or 5+ years in mobile application development
- Proficiency in iOS frameworks (UIKit, Core Data) and Android frameworks
- In-depth knowledge of mobile security vulnerabilities (OWASP Mobile Top 10) and remediation techniques
- Familiarity with mobile security testing tools (e.g., MobSF, Drozer, Burp Suite, OWASP ZAP)
- Extensive experience in iOS application development using Swift/Objective-C, ideally also knowledge of Android (Java/Kotlin) security
- Strong understanding of cryptography principles, secure data storage, and key management
- Experience with mobile reverse engineering tools such as Frida
- Knowledge of App Store and Google Play Store compliance requirements
- Familiarity with advanced encryption techniques and secure app distribution
- Proficiency in iOS frameworks (UIKit, Core Data) and Android frameworks
- In-depth knowledge of mobile security vulnerabilities (OWASP Mobile Top 10) and remediation techniques
- Familiarity with mobile security testing tools (e.g., MobSF, Drozer, Burp Suite, OWASP ZAP)
- Extensive experience in iOS application development using Swift/Objective-C, ideally also knowledge of Android (Java/Kotlin) security
- Strong understanding of cryptography principles, secure data storage, and key management
- Experience with mobile reverse engineering tools such as Frida
- Knowledge of App Store and Google Play Store compliance requirements
- Familiarity with advanced encryption techniques and secure app distribution
Key Responsibilities
- Secure Mobile Development: Implement secure coding practices (Swift/Objective-C, Kotlin/Java) and ensure secure data handling
- Security Architecture & Threat Modeling: Design secure architectures, perform threat modeling, and ensure compliance (OWASP, PCI DSS, NIST)
- Code Reviews & Auditing: Conduct code reviews, participate in security audits, and perform SAST/DAST
- Vulnerability Management & Penetration Testing: Manage vulnerabilities, conduct penetration tests, and analyze threats
- Security Architecture & Threat Modeling: Design secure architectures, perform threat modeling, and ensure compliance (OWASP, PCI DSS, NIST)
- Code Reviews & Auditing: Conduct code reviews, participate in security audits, and perform SAST/DAST
- Vulnerability Management & Penetration Testing: Manage vulnerabilities, conduct penetration tests, and analyze threats
- API Security & Compliance: Secure API integrations and ensure compliance with app store guidelines
- Collaboration & Incident Response: Collaborate with teams and respond to security incidents
Specialist, Offensive Android Security*
A Tech Giant Company
$151,200 - $207,500 a year
Required Qualifications & Skills
- Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent combination of education training and experience
- Proficiency in tools for kernel debugging, fuzzing, and penetration testing
- Experience with reverse engineering tools (e.g., IDA Pro & Ghidra), debugging tools (e.g., JTAG/SWD)
- 5+ years of experience in system-level penetration testing and vulnerability research
- Strong knowledge of low-level programming languages such as C and Assembly
- Proficiency in tools for kernel debugging, fuzzing, and penetration testing
- Experience with reverse engineering tools (e.g., IDA Pro & Ghidra), debugging tools (e.g., JTAG/SWD)
- 5+ years of experience in system-level penetration testing and vulnerability research
- Strong knowledge of low-level programming languages such as C and Assembly
Key Responsibilities
- Identify trends in kernel and device driver attacks and conduct in-depth research on emerging threats
- Conduct reverse engineering and Secure OS architecture analysis
Develop automated vulnerability discovery and analysis tools, such as fuzzing tools
- Perform penetration testing on OS components, including TEE, bootloader, and kernel
- Research and test the latest exploit trends, developing Proof of Concept attacks and advanced exploits (0-day, 1-day)
- Conduct in-depth root cause analysis to understand and mitigate system vulnerabilities
Kernel Security Researcher*
A Tech Giant Company
$143,100 - $264,200 a year
Required Qualifications & Skills
- Background in kernel and low level systems technologies
- Background in secure coding and code auditing
- Knowledge of modern anti-exploitation mitigations and their effectiveness
- Programming background in C, C++, and Python
Preferred Qualifications:
- Knowledge of macOS and iOS security architectures
- Background in secure coding and code auditing
- Knowledge of modern anti-exploitation mitigations and their effectiveness
- Programming background in C, C++, and Python
Preferred Qualifications:
- Knowledge of macOS and iOS security architectures
- Experience of software exploitation
- Knowledge of memory safe languages
- Proficiency with assembly languages, particularly ARM64, is a big plus
Key Responsibilities
Your responsibilities will include enhancing the security of our products to make them the most secure in the industry, evaluating security-critical code, developing intelligent automated tools for vulnerability detection, building exploits to test mitigation techniques, providing security-focused consultations on key technologies to partner teams, and driving the design and development of new mitigation strategies. This position may require some travel to our other sites, vendors, and security conferences.
Mobile Reverse Engineer*
An IT Services Firm
$88,200 - $195,200 a year
Required Qualifications & Skills
- Bachelor’s degree
- 5+ yrs experience in mobile software reverse engineering
- Experience with Windows, Linux, Android, OS X, and iOS operating system & architecture
- Experience in computer or cell phone architecture, system internals, operating systems, and/or boot process software engineering
Experience with static analysis tools such as IDA Pro, Ghidra and Binary Ninja
- Experience with debugging tools such as WinDbg
- Experience with virtualization, sandboxing, and emulation tools like VMware, KVM, QEMU and others
- Working knowledge of programming languages such as C, C++, .NET, Python, Java, etc.
- Experience debugging mobile application memory and performance issues
Preferred:
- Experience requiring a deep knowledge of Android and a strong passion in mobile industry and mobile development
- Experience developing/designing mobile phone platforms highly desired
- Experience in wireless API's (Wi-Fi, Bluetooth) preferred
- Engineer software scripts in C, C++, and Java with emphasis on prototyping and API extraction
- 5+ yrs experience in mobile software reverse engineering
- Experience with Windows, Linux, Android, OS X, and iOS operating system & architecture
- Experience in computer or cell phone architecture, system internals, operating systems, and/or boot process software engineering
Experience with static analysis tools such as IDA Pro, Ghidra and Binary Ninja
- Experience with debugging tools such as WinDbg
- Experience with virtualization, sandboxing, and emulation tools like VMware, KVM, QEMU and others
- Working knowledge of programming languages such as C, C++, .NET, Python, Java, etc.
- Experience debugging mobile application memory and performance issues
Preferred:
- Experience requiring a deep knowledge of Android and a strong passion in mobile industry and mobile development
- Experience developing/designing mobile phone platforms highly desired
- Experience in wireless API's (Wi-Fi, Bluetooth) preferred
- Engineer software scripts in C, C++, and Java with emphasis on prototyping and API extraction
Key Responsibilities
- Provide malicious code reverse engineering to isolate, review, analyze, and reverse-engineer potentially malicious programs recovered from compromised computer systems and networks
- Research new trends, techniques, and packaging of malicious software to stay current and ready to identify and handle zero-day exploits
- Research behavior of binaries and share detailed understanding of how apps behave at memory/register level in support of technical exploitation operations
- Support efforts to design, prototype, document, test, conduct exploitation automation and transition code analysis methods and tools specific to technical exploitation operations
- Research new trends, techniques, and packaging of malicious software to stay current and ready to identify and handle zero-day exploits
- Research behavior of binaries and share detailed understanding of how apps behave at memory/register level in support of technical exploitation operations
- Support efforts to design, prototype, document, test, conduct exploitation automation and transition code analysis methods and tools specific to technical exploitation operations
Senior Lead Security Engineer - Mobile*
A Global Banking Corporation
$147,700 - $190,000 a year
Required Qualifications & Skills
- Formal training or certification on Mobile Development concepts and 5+ years applied experience
- Strong understanding of mobile application security risks and mitigation strategies for both Android and iOS platforms
- Experience in implementing or managing mobile security operations
- Familiarity with CI/CD pipelines, DevSecOps methodologies, and secure software development practices
- Ability to collaborate with development teams on security functions & resolutions
- Hands-on practical experience delivering enterprise level cybersecurity solutions and controls
- Strong collaboration and communication skills are essential for working effectively with teams on security implementations
- Ability to evaluate current and emerging technologies to select or recommend the best solutions for future state architecture & enterprise integrations
- Proven experience leading projects from scoping to delivery
- Strong understanding of mobile application security risks and mitigation strategies for both Android and iOS platforms
- Experience in implementing or managing mobile security operations
- Familiarity with CI/CD pipelines, DevSecOps methodologies, and secure software development practices
- Ability to collaborate with development teams on security functions & resolutions
- Hands-on practical experience delivering enterprise level cybersecurity solutions and controls
- Strong collaboration and communication skills are essential for working effectively with teams on security implementations
- Ability to evaluate current and emerging technologies to select or recommend the best solutions for future state architecture & enterprise integrations
- Proven experience leading projects from scoping to delivery
Key Responsibilities
- Working closely with in-house mobile development teams, providing guidance on secure coding practices, threat mitigation strategies, and optimal use of mobile security solutions.
- Utilize our mobile security vendors and tools to drive proactive security measures, ensuring optimal configuration, monitoring, and maintenance to safeguard our mobile applications.
- Oversee the deployment, integration, and ongoing support of mobile security tools, ensuring they are effectively utilized and updated.
- Provide technical leadership in securing mobile applications and infrastructure, ensuring compliance with industry standards and best practices.
- Manage the lifecycle of mobile security tools, including planning and executing upgrades to maintain optimal performance and security.
- Work closely with cross-functional teams to enhance security awareness, provide training, and ensure adherence to security protocols. Additionally, serve as a key feedback conduit to the mobile binary scanning team, risk management, and source scanning teams, ensuring continuous improvements in security posture and alignment with organizational security strategies.
- Utilize our mobile security vendors and tools to drive proactive security measures, ensuring optimal configuration, monitoring, and maintenance to safeguard our mobile applications.
- Oversee the deployment, integration, and ongoing support of mobile security tools, ensuring they are effectively utilized and updated.
- Provide technical leadership in securing mobile applications and infrastructure, ensuring compliance with industry standards and best practices.
- Manage the lifecycle of mobile security tools, including planning and executing upgrades to maintain optimal performance and security.
- Work closely with cross-functional teams to enhance security awareness, provide training, and ensure adherence to security protocols. Additionally, serve as a key feedback conduit to the mobile binary scanning team, risk management, and source scanning teams, ensuring continuous improvements in security posture and alignment with organizational security strategies.
Reverse Engineer - Android*
A Cybersecurity Firm
$90,000 - $120,000 a year
Required Qualifications & Skills
- Associate's, Bachelor's, or Master's degree in Computer Science or a related discipline (preferred)
- 3-5 years of hands-on experience with Android and reverse engineering
- In-depth understanding of Android internals and the ability to read, comprehend, and analyze source code software
- Familiarity with reverse engineering tools such as Jadx, Ghidra, Frida, IDA Pro, and Burp to perform binary and APK analysis
- 3-5 years of hands-on experience with Android and reverse engineering
- In-depth understanding of Android internals and the ability to read, comprehend, and analyze source code software
- Familiarity with reverse engineering tools such as Jadx, Ghidra, Frida, IDA Pro, and Burp to perform binary and APK analysis
Key Responsibilities
As a dedicated and collaborative Android Malware Reverse Engineer, you will conduct reverse engineering, security assessments, and code reviews. You will also conduct and assist with complex decompilation, unpacking, code review, and malicious mobile software reviews. The goal of the work is to identify families of malware and act on apps at scale.
To give you an idea of how this Reverse Engineer Malware Analysis - Android role would look and feel, here are some things you could expect to do:
- Review malicious applications and SDKs by analyzing, unpacking, and reverse engineering software that compromises Android devices
- Review security policy violations, vulnerabilities, or improper coding practices
- Research threats like APT using Open-Source Intelligence (Virus Total, Web, ExploitDB, MITRE, etc.)
To give you an idea of how this Reverse Engineer Malware Analysis - Android role would look and feel, here are some things you could expect to do:
- Review malicious applications and SDKs by analyzing, unpacking, and reverse engineering software that compromises Android devices
- Review security policy violations, vulnerabilities, or improper coding practices
- Research threats like APT using Open-Source Intelligence (Virus Total, Web, ExploitDB, MITRE, etc.)
Android Mobile Reverse Engineer*
An IT Consulting Firm
$100,000 - $150,000 a year
Required Qualifications & Skills
- Proficiency in Android app development
- Expertise in reverse engineering tools
- Knowledge of Android internals
- Strong debugging and analysis skills
- Familiarity with encryption and obfuscation techniques
- Ability to work with disassemblers and debuggers
Desired Qualifications:
- Experience with Android emulator tools
- Familiarity with mobile penetration testing
- Experience with static and dynamic analysis tools
- Knowledge of security exploits in mobile apps
- Ability to develop custom reverse engineering scripts
- Strong communication and reporting abilities
- Expertise in reverse engineering tools
- Knowledge of Android internals
- Strong debugging and analysis skills
- Familiarity with encryption and obfuscation techniques
- Ability to work with disassemblers and debuggers
Desired Qualifications:
- Experience with Android emulator tools
- Familiarity with mobile penetration testing
- Experience with static and dynamic analysis tools
- Knowledge of security exploits in mobile apps
- Ability to develop custom reverse engineering scripts
- Strong communication and reporting abilities
Key Responsibilities
- Analyze Android applications for vulnerabilities
- Deconstruct mobile application code
- Identify and mitigate security risks
- Reverse engineer mobile app binaries
- Conduct security audits on Android systems
- Document findings and create reports
- Deconstruct mobile application code
- Identify and mitigate security risks
- Reverse engineer mobile app binaries
- Conduct security audits on Android systems
- Document findings and create reports
Mobile Implant Software Engineer*
A Cyber-Risk Consulting Firm
$114,000 - $180,000 a year
Required Qualifications & Skills
- Proven experience in CNO and software development, particularly in support of DoD and Intelligence community customers
- Demonstrated ability to perform advanced research and development on embedded systems, Linux, and iOS platforms
- Strong understanding of network protocols and experience in implementing support for TCP, UDP, and TLS
- Experience in designing, developing, and integrating modular cyber capabilities
- Proficiency in using and integrating CI/CD tools and practices
- Excellent problem-solving skills and the ability to design novel solutions to complex security challenges
- Strong leadership skills with the ability to guide and mentor development teams
- Programming Languages: C, C++, Python, Java, x86 Assembly, MIPS Assembly, Microblaze Assembly, ARM Assembly, ARM64 Assembly, VHDL, Verilog, XML, JSON, HTML
- Tools and Technologies: LLDB/LLVM, IDA Pro, Immunity Debugger, Immunity Canvas, Eclipse, Git, Subversion, Embedded Systems, FPGAs, Docker, Intel Performance Primitives (IPP), High Performance Computing (HPC), REDHAWK, OmniORB CORBA, Software Defined Radios (SDR), Signal Processing, MySQL, PostgreSQL, JDBC, Django, ActiveMQ, Jpype, Pyxb, STOMP
- Demonstrated ability to perform advanced research and development on embedded systems, Linux, and iOS platforms
- Strong understanding of network protocols and experience in implementing support for TCP, UDP, and TLS
- Experience in designing, developing, and integrating modular cyber capabilities
- Proficiency in using and integrating CI/CD tools and practices
- Excellent problem-solving skills and the ability to design novel solutions to complex security challenges
- Strong leadership skills with the ability to guide and mentor development teams
- Programming Languages: C, C++, Python, Java, x86 Assembly, MIPS Assembly, Microblaze Assembly, ARM Assembly, ARM64 Assembly, VHDL, Verilog, XML, JSON, HTML
- Tools and Technologies: LLDB/LLVM, IDA Pro, Immunity Debugger, Immunity Canvas, Eclipse, Git, Subversion, Embedded Systems, FPGAs, Docker, Intel Performance Primitives (IPP), High Performance Computing (HPC), REDHAWK, OmniORB CORBA, Software Defined Radios (SDR), Signal Processing, MySQL, PostgreSQL, JDBC, Django, ActiveMQ, Jpype, Pyxb, STOMP
Key Responsibilities
- Lead research and development projects focused on mobile vulnerabilities and cyber operations
- Design and implement innovative solutions to address operational security challenges
- Architect and develop flexible, modular cyber capabilities in C, C++, and Python
- Triage and analyze public software vulnerabilities (CVEs) for security concerns
- Provide technical support and custom solutions to high-priority customer needs
- Design and develop new client/server data distribution tools
- Implement support for multiple network protocols, including TCP, UDP, and TLS
- Create custom build systems and ensure portability using Docker
- Integrate new projects with CI/CD services to streamline development processes
- Generate and maintain unit tests to enhance the reliability of client/server applications
- Guide the development team in adhering to industry software engineering standards and best practices
- Design and implement innovative solutions to address operational security challenges
- Architect and develop flexible, modular cyber capabilities in C, C++, and Python
- Triage and analyze public software vulnerabilities (CVEs) for security concerns
- Provide technical support and custom solutions to high-priority customer needs
- Design and develop new client/server data distribution tools
- Implement support for multiple network protocols, including TCP, UDP, and TLS
- Create custom build systems and ensure portability using Docker
- Integrate new projects with CI/CD services to streamline development processes
- Generate and maintain unit tests to enhance the reliability of client/server applications
- Guide the development team in adhering to industry software engineering standards and best practices
iOS Vulnerability Engineer (Software)*
An IT Consulting Firm
$120,000 - $170,000 a year
Required Qualifications & Skills
- Strong knowledge of iOS internals
- Proficiency in reverse engineering tools
- Expertise in static and dynamic code analysis
- Familiarity with secure coding practices
- Proficiency in iOS development tools (e.g., Xcode)
- Ability to exploit and remediate vulnerabilities
Desired skills:
- Knowledge of ARM assembly
- Experience with fuzz testing methodologies
- Familiarity with jailbreak development
- Understanding of malware analysis techniques
- Expertise in cryptographic protocols
- Proficiency in scripting for automation (e.g., Python)
- Proficiency in reverse engineering tools
- Expertise in static and dynamic code analysis
- Familiarity with secure coding practices
- Proficiency in iOS development tools (e.g., Xcode)
- Ability to exploit and remediate vulnerabilities
Desired skills:
- Knowledge of ARM assembly
- Experience with fuzz testing methodologies
- Familiarity with jailbreak development
- Understanding of malware analysis techniques
- Expertise in cryptographic protocols
- Proficiency in scripting for automation (e.g., Python)
Key Responsibilities
- Identify and analyze iOS vulnerabilities
- Develop mitigation strategies for discovered issues
- Conduct security assessments of iOS applications
- Perform reverse engineering of iOS binaries
- Collaborate with development teams to improve software security
- Document findings and recommend improvements
- Develop mitigation strategies for discovered issues
- Conduct security assessments of iOS applications
- Perform reverse engineering of iOS binaries
- Collaborate with development teams to improve software security
- Document findings and recommend improvements
Android Security Engineer*
An IT Consulting and Services Firm
$115,000 - $165,000 a year
Required Qualifications & Skills
- Reverse Engineering Fundamentals:
- Static Analysis - decompilation, dissasembly, code auditing
- Dynamic Analysis - debugging monitoring, fuzzing
- Sample Tools - IDA Pro, Ghidra, Radare2, Jadx, Fernflower, Smali, Baksmalu, ADB, JDWP, Android studio, bluestack, Frida, Wireshark, Cyberchef. HTTP interception, Yara, Snort
- Programming (Java/Kotlin, Scripting, Javascript, Encode/Decode, encryption and decryption)
- Android fundamentals (permissions, Manifest, Entry points, Broadcast receivers, exported activities, services, subclasses, Dalvik/ART Virtual machine)
- Static Analysis - decompilation, dissasembly, code auditing
- Dynamic Analysis - debugging monitoring, fuzzing
- Sample Tools - IDA Pro, Ghidra, Radare2, Jadx, Fernflower, Smali, Baksmalu, ADB, JDWP, Android studio, bluestack, Frida, Wireshark, Cyberchef. HTTP interception, Yara, Snort
- Programming (Java/Kotlin, Scripting, Javascript, Encode/Decode, encryption and decryption)
- Android fundamentals (permissions, Manifest, Entry points, Broadcast receivers, exported activities, services, subclasses, Dalvik/ART Virtual machine)
Key Responsibilities
- Reverse engineering and assessing risk and user harm from potentially harmful applications
- Conducting static and dynamic analysis
- Providing assessment and evidence to support findings
- Assessing detection and analysis gaps as well as scalable enforcement through detection rules
- Conducting static and dynamic analysis
- Providing assessment and evidence to support findings
- Assessing detection and analysis gaps as well as scalable enforcement through detection rules
Information Security Engineer (Android)*
A Large Online Media Provider
$197,000 - $291,000 a year
Required Qualifications & Skills
- Bachelor's degree or equivalent practical experience
- 8 years of experience with security assessments or security design reviews or threat modeling
- 8 years of coding experience in one or more general purpose languages
Preferred qualifications:
- Knowledge in programming languages, compilers, static and dynamic analysis techniques
- Experience in Mobile App Development and Android Apps
- Experience implementing sand-boxing infrastructure or low-level systems features and building static analysis tools, linters or compilers
- Experience with open source
- 8 years of experience with security assessments or security design reviews or threat modeling
- 8 years of coding experience in one or more general purpose languages
Preferred qualifications:
- Knowledge in programming languages, compilers, static and dynamic analysis techniques
- Experience in Mobile App Development and Android Apps
- Experience implementing sand-boxing infrastructure or low-level systems features and building static analysis tools, linters or compilers
- Experience with open source
Key Responsibilities
- Perform Android security reviews, research and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers.
- Review and develop secure operational practices, and provide security guidance for engineers and support staff
- Review designs and look for vulnerabilities, both with one-time reviews and longer term engagements
- Look for vulnerabilities with techniques including reverse engineering, fuzzing, and static analysis
- Respond to vulnerabilities with repos, mitigations, and hardening. Surface vulnerability patterns and design them out.
- Review and develop secure operational practices, and provide security guidance for engineers and support staff
- Review designs and look for vulnerabilities, both with one-time reviews and longer term engagements
- Look for vulnerabilities with techniques including reverse engineering, fuzzing, and static analysis
- Respond to vulnerabilities with repos, mitigations, and hardening. Surface vulnerability patterns and design them out.
Sr. Android Penetration Tester*
A Gobal Device Company
$130,000 - $166,000 a year
Required Qualifications & Skills
- 5+ years of penetration testing experience, including 2+ years of Android penetration testing and 1+ year of web application penetration testing
- Strong understanding of malware, phishing attacks, attack vectors, and security best practices
- Knowledge of penetration testing tools, threat modeling, and security frameworks
- Ability to conduct security research, CVE analysis, and adversary simulation
- Strong communication skills to work cross-functionally with engineering and security teams
- Experience working in corporate environments with internal penetration testing teams (preferred over agency-based consulting experience)
- Bachelor’s degree in either Cybersecurity, Computer Science, Information Security, or related field
Preferred Qualifications:
- Certifications in offensive security
- Published CVEs, blog posts, or walkthroughs on security research
- Malware development and reverse engineering experience
- Experience working in top security consulting firms or in-house red teams at major tech companies
- Hands-on experience with firmware penetration testing and IoT security.
- Strong understanding of malware, phishing attacks, attack vectors, and security best practices
- Knowledge of penetration testing tools, threat modeling, and security frameworks
- Ability to conduct security research, CVE analysis, and adversary simulation
- Strong communication skills to work cross-functionally with engineering and security teams
- Experience working in corporate environments with internal penetration testing teams (preferred over agency-based consulting experience)
- Bachelor’s degree in either Cybersecurity, Computer Science, Information Security, or related field
Preferred Qualifications:
- Certifications in offensive security
- Published CVEs, blog posts, or walkthroughs on security research
- Malware development and reverse engineering experience
- Experience working in top security consulting firms or in-house red teams at major tech companies
- Hands-on experience with firmware penetration testing and IoT security.
Key Responsibilities
- Develop expertise in our product solutions, deep diving into design/architecture, & execute white box and black box penetration scenarios
- Plan, scope and conduct vulnerability assessment/ Penetration test on internal / external facing public assets such as Web application, Android platform, Android Apps, Backend APIs, and Cloud services
- Research & and conduct adversary simulation for known security threats and identify novel attack vectors to test a system’s relative security readiness
- Conduct Threat modelling, Threat Intelligence and scoping with stakeholders
- Assist in creating and maintaining internal penetration testing and practice within QA team, managing vulnerabilities and tracking until closure
- Build Test harness & required Automation suites and validate attack vectors in Threat Lab
- Co-ordinate with program management, security architects at Internal & offshore sites
- Stays up to date on current tools, technologies, and vulnerabilities to incorporate into testing practices
- Research and developing exploits for zero-day vulnerabilities
- Conduct penetration test on IOT and Firmware Devices
- Plan, scope and conduct vulnerability assessment/ Penetration test on internal / external facing public assets such as Web application, Android platform, Android Apps, Backend APIs, and Cloud services
- Research & and conduct adversary simulation for known security threats and identify novel attack vectors to test a system’s relative security readiness
- Conduct Threat modelling, Threat Intelligence and scoping with stakeholders
- Assist in creating and maintaining internal penetration testing and practice within QA team, managing vulnerabilities and tracking until closure
- Build Test harness & required Automation suites and validate attack vectors in Threat Lab
- Co-ordinate with program management, security architects at Internal & offshore sites
- Stays up to date on current tools, technologies, and vulnerabilities to incorporate into testing practices
- Research and developing exploits for zero-day vulnerabilities
- Conduct penetration test on IOT and Firmware Devices
iOS Application Security Engineer*
A Cybersecurity Testing & Consulting Firm
$125,000 - $175,000 a year
Required Qualifications & Skills
- Bachelor’s degree in Computer Science, Information Security, or a related field, or 5+ years in mobile application development
- Extensive experience in iOS application development using Swift/Objective-C
- In-depth knowledge of mobile security vulnerabilities (OWASP Mobile Top 10) and remediation techniques
- Proficiency in iOS frameworks (UIKit, Core Data) and Android frameworks
- Familiarity with mobile security testing tools (e.g., MobSF, Drozer, Burp Suite, OWASP ZAP)
- Strong understanding of cryptography principles, secure data storage, and key management
Preferred Qualifications:
- Relevant security certifications
- Experience with mobile reverse engineering tools such as Frida
- Knowledge of App Store and Google Play Store compliance requirements
- Familiarity with advanced encryption techniques and secure app distribution
Key Responsibilities
- Secure Code Development (iOS & Android)
- Security Architecture & Threat Modeling
- Code Reviews & Security Auditing
- Mobile Vulnerability Management
- Penetration Testing & Threat Analysis
- Secure Data Handling & API Security
- Policy Development & Compliance
- Collaboration & Incident Response
iOS Engineer - Product Security*
A Tech Giant Company
$143,100 - $264,200 a year
Required Qualifications & Skills
- 2+ years of iOS app development experience in Swift and/or Objective-C
- Experience and/or strong interest in security/secure programming, digital signatures and PKI
- User interface programming experience with SwiftUI and/or UIKit
- Understanding of computer science fundamentals
- Able to thrive in a reciprocal environment and clearly communicate across teams
Preferred Qualifications:
- Self-motivated, critical, and detail oriented
- Strong debugging and analytical skills
- Familiar with the ISO 18013-5 standard is a plus
- Experience developing software with any of the following frameworks is a plus: ID Verifier API , Verify with Wallet API
- BS or MS in Computer Science, related technical field or equivalent experience