8kSec Academy
Cookie policy
This website academy.8ksec.io uses Cookies and similar technologies in order to distinguish you from other users. By using Cookies, We are able to provide you with a better experience and to improve Our Site by better understanding how you use it. Please read this Cookie Policy carefully and ensure that you understand it. Your acceptance of Our Cookie Policy is deemed to occur when you press the “accept” button on Our Cookie banner or when you have selected your preferred Cookie options in Our Cookie manager and pressed the “Continue” button. If you do not agree to Our Cookie Policy, please stop using Our Site immediately.
1. Definitions and Interpretation
In this Cookie Policy, unless the context otherwise requires, the following expressions have the following meanings:
Cookie: means a small file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site;
Cookie Law: means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003 and of EU Regulation 2016/679 General Data Protection Regulation (“GDPR”);
Personal data: means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data, as defined by EU Regulation 2016/679 General Data Protection Regulation (“GDPR”); and
We/Us/Our: means “Our Website/School/Company”, the brand owned and operated by Company name or Person.
2. Information About Us
Our Site is owned and operated by Company name or person(s).
- Registered address:
- Email address: your email
- Telephone number: your phone
3. How Does Our Site Use Cookies?
- 3.1 Our Site may place and access certain first-party Cookies on your computer or device. First party Cookies are those placed directly by Us and are used only by Us. We use Cookies to facilitate and improve your experience of Our Site and services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times.
- 3.2 By using Our Site, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than Us. Third-party Cookies are used on Our Site for analytics and for marketing purposes. For more details, please refer to section 4 below.
- 3.3 All Cookies used by and on Our Site are used in accordance with current Cookie Law. We may use some or all of the following types of Cookie:
-
3.3.1 Strictly Necessary Cookies
A Cookie falls into this category (usually first-party cookies) if it is essential to the operation of Our Site as without them we cannot provide the functionality that you need to use this website. For example, essential cookies help remember your preferences as you navigate through the online school, also support functions such as logging in, and payment transactions. -
3.3.2 Functionality Cookies
Functional Cookies allow our web site to remember choices you make, e.g. your user name, log in details and language preferences and any customizations you make to pages during your visit. They are necessary to provide features and services specific to individual users. -
3.3.3 Analytics Cookies
It is important for Us to understand how you use Our Site, for example, how efficiently you are able to navigate around it, and what features you use. Analytics Cookies enable us to gather this information, helping Us to improve Our Site and your experience of it. -
3.3.4 Marketing/Targeting Cookies
It is important for Us to know when and how often you visit Our Site, and which parts of it you have used (including which pages you have visited and which links you have visited). As with analytics Cookies, this information helps us to better understand you and, in turn, to make Our Site and advertising more relevant to your interests. Some information gathered by targeting Cookies may also be shared with third parties. -
3.3.5 Third Party Cookies
Third-party Cookies are not placed by Us; instead, they are placed by third parties that provide services to Us and/or to you. Third-party Cookies may be used by advertising services to serve up tailored advertising to you on Our Site, or by third parties providing analytics services to Us (these Cookies will work in the same way as analytics Cookies described above). -
3.3.6 Persistent Cookies
Any of the above types of Cookie may be a persistent Cookie. Persistent Cookies are those which remain on your computer or device for a predetermined period and are activated each time you visit Our Site. -
3.3.7 Session Cookies
Any of the above types of Cookie may be a session Cookie. Session Cookies are temporary and only remain on your computer or device from the point at which you visit Our Site until you close your browser. Session Cookies are deleted when you close your browser.
- 3.4 Cookies on Our Site are not permanent and will expire as indicated in the table below.
- 3.5 For more details of the personal data that We collect and use, the measures we have in place to protect personal data, your legal rights, and our legal obligations, please refer to our Privacy Policy
- 3.6 For more specific details of the Cookies that We use, please refer to the table below.
4. What Cookies Does Our Site Use?
- 4.1 The following first-party Cookies may be placed on your computer or device:
| Name of Cookie | Purpose | Strictly Necessary | Expires |
| XSRF-TOKEN | Preserves User Login information and states | Yes | When you close your browser |
| DPSettings | Preserves the user's Cookie policy preferences | Yes | 12 days |
| slim_session | Preserves User Login information and states | Yes | 2.5 days |
| affiliate | Tracks purchases made through affiliate links to ensure proper credit is given to the affiliate partner. | No | Depends on your affiliate cookie settings |
- 4.2 The following strictly necessary third-party Cookies may be placed on your computer or device (remove stripe cookies from the list if you don’t use stripe):
| Name of Cookie | Provider | Purpose | Expires |
| __stripe_sid | checkout.stripe.com | Used to process payments for our website. | 30 minutes |
| __stripe_mid | checkout.stripe.com | Used to distinguish users. | 1 year |
| cid | checkout.stripe.com | Used to process payments for our website. | 3 months |
| vuid | vimeo.com | These cookies are used by Vimeo to collect analytics tracking information. | 3 years |
| player | player.vimeo.com | These cookies are used by Vimeo to collect analytics tracking information. | 1 year |
| cf_clearance | www.cloudflare.com | Used by clouflare to specify the duration that our website is accessible to a visitor that successfully completed a previous Captcha or challenge. | 4 hours |
- 4.3 Our Site uses the following functional Cookies (remove cookies not exploited in your school):
Olark
| Name of Cookie | Provider | Purpose | Expires |
| hblid | academy.8ksec.io | a visitor identifier that we use only on your site to remember this visitor between visits | 2 years |
| wcsid | academy.8ksec.io | a session identifier that we use only on your site to keep track of a single chat session | When you close your browser |
| olfsk | academy.8ksec.io | storage identifier that we use to maintain chat state across pages (e.g. message history) | 2 years |
| _okbk | academy.8ksec.io | extra state information (e.g. chat box being open/closed) | When you close your browser |
| _ok | academy.8ksec.io | most recent Olark site ID (security measure) | When you close your browser |
| _oklv | academy.8ksec.io | the Olark loader version (for improved caching) | When you close your browser |
| _okla | academy.8ksec.io | used for caching purposes (loaded from CDN vs. loaded from our infrastructure) | When you close your browser |
| _okgid | academy.8ksec.io | used for caching by setting a hash for assets to determine if they have changed and if they need to be refreshed | When you close your browser |
| _okac | academy.8ksec.io | used for caching by setting a hash for assets to determine if they have changed and if they need to be refreshed | When you close your browser |
| _okdetect | academy.8ksec.io | Used for detecting when storage contexts have changed due to things like ssl or host transitions (helps maintain your chat across pages). | When you close your browser |
| _okck | academy.8ksec.io | Used to test whether the visitor's browser allows cookies to be stored. | When you close your browser |
TawkTo
| Name of Cookie | Provider | Purpose | Expires |
| tawk_uuid_ | academy.8ksec.io | HTTP cookie | |
| twk_idm_key | academy.8ksec.io | Visitor connection management | Session |
| twk_token_ | academy.8ksec.io | HTML local storage | |
| tawk_uuid_propertyId | academy.8ksec.io | Visitor tracking | 6 months |
| tawkUUID (deprecated) | academy.8ksec.io | Visitor tracking | 6 months |
| __tawkuuid (deprecated) | academy.8ksec.io | Visitor tracking | 6 months |
| ss (deprecated) | academy.8ksec.io | Visitor session management | Session |
| TawkConnectionTime | academy.8ksec.io | Manages visitor connection | Session |
| Tawk_xxxxxxx (deprecated) | academy.8ksec.io | Visitor preference | 6 months |
Freshchat
| Name of Cookie | Provider | Purpose | Expires |
| pubsub_cookie | academy.8ksec.io | This cookie is used for the freshchat service | When you close your browser |
| hop- | academy.8ksec.io | This cookie is used for the freshchat service | When you close your browser |
| academy.8ksec.io | This cookie is used for the freshchat service | When you close your browser | |
| _ | academy.8ksec.io | This cookie is used for the freshchat service | 1 year |
| pnctest | academy.8ksec.io | This cookie is used for the freshchat service | 1 year |
Zendesk Web Widget
| Name of Cookie | Provider | Purpose | Expires |
| ZD-zE_oauth | academy.8ksec.io | Stores the authentication token once the user has been authenticated. | 2 hours |
| ZD-currentTime | academy.8ksec.io | Sets the time when page loads. | Forever |
| ZD-settings | academy.8ksec.io | Stores a hash of settings so that we don't keep sending blips after the initial one | Forever |
| ZD-suid | academy.8ksec.io | Session id for pathfinder. | 20 minutes |
| ZD-buid | academy.8ksec.io | Collects Machine ID. | Forever |
| _answer_bot_service_session | academy.8ksec.io | Used to uniquely identify a user session when using Answer Bot Article Recommendations. | When you close your browser |
Intercom
| Name of Cookie | Provider | Purpose | Expires |
| intercom-id-[app_id] | academy.8ksec.io | Anonymous visitor identifier cookie. As people visit your site they get this cookie. | 9 months |
| intercom-session-[app_id] | academy.8ksec.io | Identifier for each unique browser session. This session cookie is refreshed on each successful logged-in ping, extending it one week from that moment. The user can access their conversations and have data communicated on logged-out pages for 1 week, as long as the session isn’t intentionally terminated with Intercom('shutdown');, which usually happens on logout. |
1 week |
| intercom-device-id-[app_id] | academy.8ksec.io | Identifier for each unique device that interacts with the Messenger. It is refreshed on each successful ping, extending it another 9 months. We use this cookie to determine the unique devices interacting with the Intercom Messenger to prevent abuse. |
9 months |
- 4.4 Our Site uses analytics services provided by your analytics services, if any. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling us to better understand how Our Site is used. This, in turn, enables us to improve Our Site and the products and services offered through them.
- 4.5 The analytics services used by Our Site use Cookies to gather the required information. You do not have to allow us to use these Cookies, however, whilst our use of them does not pose any risk to your privacy or your safe use of Our Site, it does enable us to continually improve Our Site, making it a better and more useful experience for you.
- 4.6 The analytics services used by Our Site uses the following Cookies (remove cookies not exploited in your school):
Google Analytics
| Name of Cookie | Provider | Purpose | Expires |
| _ga | academy.8ksec.io | Google Analytics: Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 2 years |
| _gat | academy.8ksec.io | Google Analytics: Used by Google Analytics to throttle the request rate. | When you close your browser |
| _gid | academy.8ksec.io | Google Analytics: Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | When you close your browser |
| _ga_container-id | academy.8ksec.io | Used to persist session state. | 2 years |
Mixpanel
| Name of Cookie | Provider | Purpose | Expires |
| mp_#_mixpanel | academy.8ksec.io | MixPanel: Cookie used by MixPanel for analytics purposes | 1 year |
BDOW
| Name of Cookie | Provider | Purpose | Expires |
| __smToken | academy.8ksec.io | The __smToken is set once you login to Sumo and is checked to verify whether you are logged into Sumo or not | 1 year |
| __smSmartbarShown | academy.8ksec.io | cookie is set when the Smart Bars are shown on your website | 1 year |
| __smVID | academy.8ksec.io | Used to display relevant advertising | 1 month |
| __smSessionId | academy.8ksec.io | Used by Sumo to establish a cookie on a users computer to begin a session to enable Sumo products | When you close your browser |
| __smListBuilderShown | academy.8ksec.io | cookie is set when the List Builder is shown on your website | 1 year |
| __smScrollBoxShown | academy.8ksec.io | cookie is set when the Scroll box is shown on your website | 1 year |
| __smWelcomeMatShown | academy.8ksec.io | Cookie is set when the Welcome mat is shown on your website | 1 year |
| __smListBuilderOptOut | academy.8ksec.io | Is set when a visitor clicks an "Opt-Out" button on the List Builder | 1 year |
| __smSmartBarOptOut | academy.8ksec.io | Is set when a visitor clicks an "Opt-Out" button on Smart bars | 1 year |
| __smScrollBoxOptOut | academy.8ksec.io | Is set when a visitor clicks an "Opt-Out" button on Scroll box | 1 year |
| __smWelcomeMatOptOut | academy.8ksec.io | Is set when a visitor clicks an "Opt-Out" button on welcome mat | 1 year |
| __smSubscribed | academy.8ksec.io | Is set when a visitor subscribes via any of the List Builder, Welcome Mat, Scroll Box or Smart Bars they are shown on your website | 1 year |
-
4.7 Targeting/Marketing cookies
Targeting/Marketing cookies are used to track visitors across websites. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers. If you do not allow these cookies, you will experience less targeted advertising (remove cookies not exploited in your school):
Facebook
| Name of Cookie | Provider | Purpose | Expires |
| _fbp | academy.8ksec.io | Identifies browsers for advertising and site analytics services | 90 days |
| fr | facebook.com | Delivers advertisement products such as real-time bidding from third-party advertisers | 90 days |
| datr | facebook.com | Identifies the web browser used to connect to Facebook; enhances security and site integrity | 2 years |
| c_user | facebook.com | Contains the user ID of the currently logged-in user | 1 year< |
| xs | facebook.com | Contains session number and secret number for security | Varies, tied to session |
| sb | facebook.com | Helps improve friend suggestions | 2 years |
| oo | facebook.com | Opt-out of Facebook showing ads based on activity on third-party websites | 5 years |
| presence | facebook.com | Contains user's chat state (e.g., which chat tabs are open) | End of session |
Hubspot
| Name of Cookie | Provider | Purpose | Expires |
| __hstc | academy.8ksec.io | The main cookie for tracking visitors. It contains the domain, utk (see below), initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). | 6 months |
| hubspotutk | academy.8ksec.io | This cookie is used for to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts. | 6 months |
| __hssc | academy.8ksec.io | This cookie keeps track of sessions. This is used to determine if we should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. | 30 min |
| __hssrc | academy.8ksec.io | Whenever HubSpot changes the session cookie, this cookie is also set. We set it to 1 and use it to determine if the visitor has restarted their browser. If this cookie does not exist when we manage cookies, we assume it is a new session. | session |
| messagesUtk | academy.8ksec.io | This cookie is used to recognize visitors who chat with you via the messages tool. If the visitor leaves your site before they're added as a contact, they will have this cookie associated with their browser. If you have a history of chatting with a visitor and they return to your site later in the same cookied browser, the messages tool will load your conversation history with that visitor. | 6 months |
Refersion
| Name of Cookie | Provider | Purpose | Expires |
| ci_session | refersion.com | Preserves users states across page requests. | When you close your browser |
| refersion_csrf_code | refersion.com | Sets csrf token to prevent cross site request forgery. | When you close your browser |
| __cfduid | refersion.com | Used by the content network, Cloudflare, to identify trusted web traffic. | 1 year |
Google AdWords
| Name of Cookie | Provider | Purpose | Expires |
| ads/ga-audiences | academy.8ksec.io | Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites. | When you close your browser |
Fomo
| Name of Cookie | Provider | Purpose | Expires |
| Fomo.hstry-count-since-first-event- | academy.8ksec.io | Used by Fomo for showing user notifications. | Persistent |
| Fomo.hstry-first-timestamp- | academy.8ksec.io | Used by Fomo for showing user notifications | Persistent |
| Fomo.snv- | academy.8ksec.io | Used by Fomo for showing user notifications | Persistent |
5. Consent and Control
(Keep section 5.1 and 5.2 if you are using our cookie opt-in mechanism from School Privacy settings.
- 5.1 Before Cookies are placed on your computer or device, you will be shown a banner requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies unless those Cookies are strictly necessary; however certain features of Our Site may not function fully or as intended. You will be given the opportunity to allow and/or deny different categories of Cookie that We use.
- 5.2 In addition to the controls that We provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all Cookies or only third-party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
- 5.3 The links below provide instructions on how to control Cookies in all mainstream browsers:
- 5.3.1 Google Chrome
- 5.3.2 Microsoft Internet Explorer
- 5.3.3 Microsoft Edge (Please note that there are no specific instructions at this time, but Microsoft support will be able to assist)
- 5.3.4 Safari (macOS)
- 5.3.5 Safari (iOS)
- 5.3.6 Mozilla Firefox
- 5.3.7 Android (Please refer to your device’s documentation for manufacturers’ own browsers)
6. Changes to this Cookie Policy
- 6.1 We may alter this Cookie Policy at any time. Any such changes will become binding on you on your first use of Our Site after the changes have been made. You are therefore advised to check this page from time to time.
- 6.2 In the event of any conflict between the current version of this Cookie Policy and any previous version(s), the provisions current and in effect shall prevail unless it is expressly stated otherwise.
7. Further Information
- 7.1 If you would like to know more about how We use Cookies, please contact Us at support@8ksec.io.
- 7.2 For more information about privacy, data protection and our terms and conditions, please visit the following:
- 7.2.1 Privacy Policy
- 7.2.1 Terms & Conditions
At 8kSec, we Empower businesses with Cutting-Edge Mobile Security Training, Pioneering Vulnerability research, and Innovative product offerings
Copyright © 2025
CONNECT WITH US
-
Twitter
-
LinkedIn
Live Trainings list:
Early Bird Pricing Ends January 15
Enroll now to lock in savings!
Be Among the First to Access Our Courses!
Join the thousands who’ve already transformed their skills with our live training—now available in newly launched, on-demand courses crafted for maximum impact.
As a thank you for being an early supporter, we’re offering exclusive Early Bird pricing and extended access for 15 months—our best value ever.
Register by November 30th to take advantage of these benefits.
Register by November 30th to take advantage of these benefits.
Lead Application Penetration Tester*
A Cybersecurity Testing & Consulting Firm
$150,000 - $180,000 a year
Required Qualifications & Skills
- Bachelor’s degree in Computer Science, Software Engineering, or related field, or equivalent job experience
- Thorough security testing of developer workflows and mobile applications (iPhone and Android), including identification of security issues and vulnerabilities
- Proficiency in multiple programming languages and understanding of secure coding practices
- In-depth source code reviews to identify security flaws or weaknesses that could be exploited in software applications
- Detailed assessments and compilation of findings into reports for further review and action
- Experience with tools like Burp Suite Pro, Checkmarx, Corellium, Synopsys, Acunetix, VeraCode, SAST & DAST Tools, Plextrac, Cloud security (AWS / Azure / Oracle), Postman, SmartBear ReadyAPI, SoapUI, and Hashicorp Vault
Key Responsibilities
- Team Leadership: Lead and mentor penetration testers, ensuring high-quality security assessments
- Mobile & DevOps Security: Conduct security testing of mobile apps (iOS/Android) and integrate security into DevOps pipelines
- Code & Penetration Testing: Perform source code reviews and comprehensive web/mobile penetration testing
- Reporting & Collaboration: Document findings in detailed reports and collaborate with development teams for remediation
- Offensive Security: Execute red team exercises and offensive security operations
- Security Strategy: Develop and implement security testing strategies and best practices
- Global Collaboration: Work with global teams to secure applications
- Automation: Automate security testing within CI/CD pipelines
iOS Application Security Engineer*
A Cyber-Risk Consulting Firm
$150,000 - $200,000 a year
Required Qualifications & Skills
- Bachelor’s degree in Computer Science, Information Security, or a related field, or 5+ years in mobile application development
- Proficiency in iOS frameworks (UIKit, Core Data) and Android frameworks
- In-depth knowledge of mobile security vulnerabilities (OWASP Mobile Top 10) and remediation techniques
- Familiarity with mobile security testing tools (e.g., MobSF, Drozer, Burp Suite, OWASP ZAP)
- Extensive experience in iOS application development using Swift/Objective-C, ideally also knowledge of Android (Java/Kotlin) security
- Strong understanding of cryptography principles, secure data storage, and key management
- Experience with mobile reverse engineering tools such as Frida
- Knowledge of App Store and Google Play Store compliance requirements
- Familiarity with advanced encryption techniques and secure app distribution
- Proficiency in iOS frameworks (UIKit, Core Data) and Android frameworks
- In-depth knowledge of mobile security vulnerabilities (OWASP Mobile Top 10) and remediation techniques
- Familiarity with mobile security testing tools (e.g., MobSF, Drozer, Burp Suite, OWASP ZAP)
- Extensive experience in iOS application development using Swift/Objective-C, ideally also knowledge of Android (Java/Kotlin) security
- Strong understanding of cryptography principles, secure data storage, and key management
- Experience with mobile reverse engineering tools such as Frida
- Knowledge of App Store and Google Play Store compliance requirements
- Familiarity with advanced encryption techniques and secure app distribution
Key Responsibilities
- Secure Mobile Development: Implement secure coding practices (Swift/Objective-C, Kotlin/Java) and ensure secure data handling
- Security Architecture & Threat Modeling: Design secure architectures, perform threat modeling, and ensure compliance (OWASP, PCI DSS, NIST)
- Code Reviews & Auditing: Conduct code reviews, participate in security audits, and perform SAST/DAST
- Vulnerability Management & Penetration Testing: Manage vulnerabilities, conduct penetration tests, and analyze threats
- Security Architecture & Threat Modeling: Design secure architectures, perform threat modeling, and ensure compliance (OWASP, PCI DSS, NIST)
- Code Reviews & Auditing: Conduct code reviews, participate in security audits, and perform SAST/DAST
- Vulnerability Management & Penetration Testing: Manage vulnerabilities, conduct penetration tests, and analyze threats
- API Security & Compliance: Secure API integrations and ensure compliance with app store guidelines
- Collaboration & Incident Response: Collaborate with teams and respond to security incidents
Specialist, Offensive Android Security*
A Tech Giant Company
$151,200 - $207,500 a year
Required Qualifications & Skills
- Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent combination of education training and experience
- Proficiency in tools for kernel debugging, fuzzing, and penetration testing
- Experience with reverse engineering tools (e.g., IDA Pro & Ghidra), debugging tools (e.g., JTAG/SWD)
- 5+ years of experience in system-level penetration testing and vulnerability research
- Strong knowledge of low-level programming languages such as C and Assembly
- Proficiency in tools for kernel debugging, fuzzing, and penetration testing
- Experience with reverse engineering tools (e.g., IDA Pro & Ghidra), debugging tools (e.g., JTAG/SWD)
- 5+ years of experience in system-level penetration testing and vulnerability research
- Strong knowledge of low-level programming languages such as C and Assembly
Key Responsibilities
- Identify trends in kernel and device driver attacks and conduct in-depth research on emerging threats
- Conduct reverse engineering and Secure OS architecture analysis
Develop automated vulnerability discovery and analysis tools, such as fuzzing tools
- Perform penetration testing on OS components, including TEE, bootloader, and kernel
- Research and test the latest exploit trends, developing Proof of Concept attacks and advanced exploits (0-day, 1-day)
- Conduct in-depth root cause analysis to understand and mitigate system vulnerabilities
Kernel Security Researcher*
A Tech Giant Company
$143,100 - $264,200 a year
Required Qualifications & Skills
- Background in kernel and low level systems technologies
- Background in secure coding and code auditing
- Knowledge of modern anti-exploitation mitigations and their effectiveness
- Programming background in C, C++, and Python
Preferred Qualifications:
- Knowledge of macOS and iOS security architectures
- Background in secure coding and code auditing
- Knowledge of modern anti-exploitation mitigations and their effectiveness
- Programming background in C, C++, and Python
Preferred Qualifications:
- Knowledge of macOS and iOS security architectures
- Experience of software exploitation
- Knowledge of memory safe languages
- Proficiency with assembly languages, particularly ARM64, is a big plus
Key Responsibilities
Your responsibilities will include enhancing the security of our products to make them the most secure in the industry, evaluating security-critical code, developing intelligent automated tools for vulnerability detection, building exploits to test mitigation techniques, providing security-focused consultations on key technologies to partner teams, and driving the design and development of new mitigation strategies. This position may require some travel to our other sites, vendors, and security conferences.
Mobile Reverse Engineer*
An IT Services Firm
$88,200 - $195,200 a year
Required Qualifications & Skills
- Bachelor’s degree
- 5+ yrs experience in mobile software reverse engineering
- Experience with Windows, Linux, Android, OS X, and iOS operating system & architecture
- Experience in computer or cell phone architecture, system internals, operating systems, and/or boot process software engineering
Experience with static analysis tools such as IDA Pro, Ghidra and Binary Ninja
- Experience with debugging tools such as WinDbg
- Experience with virtualization, sandboxing, and emulation tools like VMware, KVM, QEMU and others
- Working knowledge of programming languages such as C, C++, .NET, Python, Java, etc.
- Experience debugging mobile application memory and performance issues
Preferred:
- Experience requiring a deep knowledge of Android and a strong passion in mobile industry and mobile development
- Experience developing/designing mobile phone platforms highly desired
- Experience in wireless API's (Wi-Fi, Bluetooth) preferred
- Engineer software scripts in C, C++, and Java with emphasis on prototyping and API extraction
- 5+ yrs experience in mobile software reverse engineering
- Experience with Windows, Linux, Android, OS X, and iOS operating system & architecture
- Experience in computer or cell phone architecture, system internals, operating systems, and/or boot process software engineering
Experience with static analysis tools such as IDA Pro, Ghidra and Binary Ninja
- Experience with debugging tools such as WinDbg
- Experience with virtualization, sandboxing, and emulation tools like VMware, KVM, QEMU and others
- Working knowledge of programming languages such as C, C++, .NET, Python, Java, etc.
- Experience debugging mobile application memory and performance issues
Preferred:
- Experience requiring a deep knowledge of Android and a strong passion in mobile industry and mobile development
- Experience developing/designing mobile phone platforms highly desired
- Experience in wireless API's (Wi-Fi, Bluetooth) preferred
- Engineer software scripts in C, C++, and Java with emphasis on prototyping and API extraction
Key Responsibilities
- Provide malicious code reverse engineering to isolate, review, analyze, and reverse-engineer potentially malicious programs recovered from compromised computer systems and networks
- Research new trends, techniques, and packaging of malicious software to stay current and ready to identify and handle zero-day exploits
- Research behavior of binaries and share detailed understanding of how apps behave at memory/register level in support of technical exploitation operations
- Support efforts to design, prototype, document, test, conduct exploitation automation and transition code analysis methods and tools specific to technical exploitation operations
- Research new trends, techniques, and packaging of malicious software to stay current and ready to identify and handle zero-day exploits
- Research behavior of binaries and share detailed understanding of how apps behave at memory/register level in support of technical exploitation operations
- Support efforts to design, prototype, document, test, conduct exploitation automation and transition code analysis methods and tools specific to technical exploitation operations
Senior Lead Security Engineer - Mobile*
A Global Banking Corporation
$147,700 - $190,000 a year
Required Qualifications & Skills
- Formal training or certification on Mobile Development concepts and 5+ years applied experience
- Strong understanding of mobile application security risks and mitigation strategies for both Android and iOS platforms
- Experience in implementing or managing mobile security operations
- Familiarity with CI/CD pipelines, DevSecOps methodologies, and secure software development practices
- Ability to collaborate with development teams on security functions & resolutions
- Hands-on practical experience delivering enterprise level cybersecurity solutions and controls
- Strong collaboration and communication skills are essential for working effectively with teams on security implementations
- Ability to evaluate current and emerging technologies to select or recommend the best solutions for future state architecture & enterprise integrations
- Proven experience leading projects from scoping to delivery
- Strong understanding of mobile application security risks and mitigation strategies for both Android and iOS platforms
- Experience in implementing or managing mobile security operations
- Familiarity with CI/CD pipelines, DevSecOps methodologies, and secure software development practices
- Ability to collaborate with development teams on security functions & resolutions
- Hands-on practical experience delivering enterprise level cybersecurity solutions and controls
- Strong collaboration and communication skills are essential for working effectively with teams on security implementations
- Ability to evaluate current and emerging technologies to select or recommend the best solutions for future state architecture & enterprise integrations
- Proven experience leading projects from scoping to delivery
Key Responsibilities
- Working closely with in-house mobile development teams, providing guidance on secure coding practices, threat mitigation strategies, and optimal use of mobile security solutions.
- Utilize our mobile security vendors and tools to drive proactive security measures, ensuring optimal configuration, monitoring, and maintenance to safeguard our mobile applications.
- Oversee the deployment, integration, and ongoing support of mobile security tools, ensuring they are effectively utilized and updated.
- Provide technical leadership in securing mobile applications and infrastructure, ensuring compliance with industry standards and best practices.
- Manage the lifecycle of mobile security tools, including planning and executing upgrades to maintain optimal performance and security.
- Work closely with cross-functional teams to enhance security awareness, provide training, and ensure adherence to security protocols. Additionally, serve as a key feedback conduit to the mobile binary scanning team, risk management, and source scanning teams, ensuring continuous improvements in security posture and alignment with organizational security strategies.
- Utilize our mobile security vendors and tools to drive proactive security measures, ensuring optimal configuration, monitoring, and maintenance to safeguard our mobile applications.
- Oversee the deployment, integration, and ongoing support of mobile security tools, ensuring they are effectively utilized and updated.
- Provide technical leadership in securing mobile applications and infrastructure, ensuring compliance with industry standards and best practices.
- Manage the lifecycle of mobile security tools, including planning and executing upgrades to maintain optimal performance and security.
- Work closely with cross-functional teams to enhance security awareness, provide training, and ensure adherence to security protocols. Additionally, serve as a key feedback conduit to the mobile binary scanning team, risk management, and source scanning teams, ensuring continuous improvements in security posture and alignment with organizational security strategies.
Reverse Engineer - Android*
A Cybersecurity Firm
$90,000 - $120,000 a year
Required Qualifications & Skills
- Associate's, Bachelor's, or Master's degree in Computer Science or a related discipline (preferred)
- 3-5 years of hands-on experience with Android and reverse engineering
- In-depth understanding of Android internals and the ability to read, comprehend, and analyze source code software
- Familiarity with reverse engineering tools such as Jadx, Ghidra, Frida, IDA Pro, and Burp to perform binary and APK analysis
- 3-5 years of hands-on experience with Android and reverse engineering
- In-depth understanding of Android internals and the ability to read, comprehend, and analyze source code software
- Familiarity with reverse engineering tools such as Jadx, Ghidra, Frida, IDA Pro, and Burp to perform binary and APK analysis
Key Responsibilities
As a dedicated and collaborative Android Malware Reverse Engineer, you will conduct reverse engineering, security assessments, and code reviews. You will also conduct and assist with complex decompilation, unpacking, code review, and malicious mobile software reviews. The goal of the work is to identify families of malware and act on apps at scale.
To give you an idea of how this Reverse Engineer Malware Analysis - Android role would look and feel, here are some things you could expect to do:
- Review malicious applications and SDKs by analyzing, unpacking, and reverse engineering software that compromises Android devices
- Review security policy violations, vulnerabilities, or improper coding practices
- Research threats like APT using Open-Source Intelligence (Virus Total, Web, ExploitDB, MITRE, etc.)
To give you an idea of how this Reverse Engineer Malware Analysis - Android role would look and feel, here are some things you could expect to do:
- Review malicious applications and SDKs by analyzing, unpacking, and reverse engineering software that compromises Android devices
- Review security policy violations, vulnerabilities, or improper coding practices
- Research threats like APT using Open-Source Intelligence (Virus Total, Web, ExploitDB, MITRE, etc.)
Android Mobile Reverse Engineer*
An IT Consulting Firm
$100,000 - $150,000 a year
Required Qualifications & Skills
- Proficiency in Android app development
- Expertise in reverse engineering tools
- Knowledge of Android internals
- Strong debugging and analysis skills
- Familiarity with encryption and obfuscation techniques
- Ability to work with disassemblers and debuggers
Desired Qualifications:
- Experience with Android emulator tools
- Familiarity with mobile penetration testing
- Experience with static and dynamic analysis tools
- Knowledge of security exploits in mobile apps
- Ability to develop custom reverse engineering scripts
- Strong communication and reporting abilities
- Expertise in reverse engineering tools
- Knowledge of Android internals
- Strong debugging and analysis skills
- Familiarity with encryption and obfuscation techniques
- Ability to work with disassemblers and debuggers
Desired Qualifications:
- Experience with Android emulator tools
- Familiarity with mobile penetration testing
- Experience with static and dynamic analysis tools
- Knowledge of security exploits in mobile apps
- Ability to develop custom reverse engineering scripts
- Strong communication and reporting abilities
Key Responsibilities
- Analyze Android applications for vulnerabilities
- Deconstruct mobile application code
- Identify and mitigate security risks
- Reverse engineer mobile app binaries
- Conduct security audits on Android systems
- Document findings and create reports
- Deconstruct mobile application code
- Identify and mitigate security risks
- Reverse engineer mobile app binaries
- Conduct security audits on Android systems
- Document findings and create reports
Mobile Implant Software Engineer*
A Cyber-Risk Consulting Firm
$114,000 - $180,000 a year
Required Qualifications & Skills
- Proven experience in CNO and software development, particularly in support of DoD and Intelligence community customers
- Demonstrated ability to perform advanced research and development on embedded systems, Linux, and iOS platforms
- Strong understanding of network protocols and experience in implementing support for TCP, UDP, and TLS
- Experience in designing, developing, and integrating modular cyber capabilities
- Proficiency in using and integrating CI/CD tools and practices
- Excellent problem-solving skills and the ability to design novel solutions to complex security challenges
- Strong leadership skills with the ability to guide and mentor development teams
- Programming Languages: C, C++, Python, Java, x86 Assembly, MIPS Assembly, Microblaze Assembly, ARM Assembly, ARM64 Assembly, VHDL, Verilog, XML, JSON, HTML
- Tools and Technologies: LLDB/LLVM, IDA Pro, Immunity Debugger, Immunity Canvas, Eclipse, Git, Subversion, Embedded Systems, FPGAs, Docker, Intel Performance Primitives (IPP), High Performance Computing (HPC), REDHAWK, OmniORB CORBA, Software Defined Radios (SDR), Signal Processing, MySQL, PostgreSQL, JDBC, Django, ActiveMQ, Jpype, Pyxb, STOMP
- Demonstrated ability to perform advanced research and development on embedded systems, Linux, and iOS platforms
- Strong understanding of network protocols and experience in implementing support for TCP, UDP, and TLS
- Experience in designing, developing, and integrating modular cyber capabilities
- Proficiency in using and integrating CI/CD tools and practices
- Excellent problem-solving skills and the ability to design novel solutions to complex security challenges
- Strong leadership skills with the ability to guide and mentor development teams
- Programming Languages: C, C++, Python, Java, x86 Assembly, MIPS Assembly, Microblaze Assembly, ARM Assembly, ARM64 Assembly, VHDL, Verilog, XML, JSON, HTML
- Tools and Technologies: LLDB/LLVM, IDA Pro, Immunity Debugger, Immunity Canvas, Eclipse, Git, Subversion, Embedded Systems, FPGAs, Docker, Intel Performance Primitives (IPP), High Performance Computing (HPC), REDHAWK, OmniORB CORBA, Software Defined Radios (SDR), Signal Processing, MySQL, PostgreSQL, JDBC, Django, ActiveMQ, Jpype, Pyxb, STOMP
Key Responsibilities
- Lead research and development projects focused on mobile vulnerabilities and cyber operations
- Design and implement innovative solutions to address operational security challenges
- Architect and develop flexible, modular cyber capabilities in C, C++, and Python
- Triage and analyze public software vulnerabilities (CVEs) for security concerns
- Provide technical support and custom solutions to high-priority customer needs
- Design and develop new client/server data distribution tools
- Implement support for multiple network protocols, including TCP, UDP, and TLS
- Create custom build systems and ensure portability using Docker
- Integrate new projects with CI/CD services to streamline development processes
- Generate and maintain unit tests to enhance the reliability of client/server applications
- Guide the development team in adhering to industry software engineering standards and best practices
- Design and implement innovative solutions to address operational security challenges
- Architect and develop flexible, modular cyber capabilities in C, C++, and Python
- Triage and analyze public software vulnerabilities (CVEs) for security concerns
- Provide technical support and custom solutions to high-priority customer needs
- Design and develop new client/server data distribution tools
- Implement support for multiple network protocols, including TCP, UDP, and TLS
- Create custom build systems and ensure portability using Docker
- Integrate new projects with CI/CD services to streamline development processes
- Generate and maintain unit tests to enhance the reliability of client/server applications
- Guide the development team in adhering to industry software engineering standards and best practices
iOS Vulnerability Engineer (Software)*
An IT Consulting Firm
$120,000 - $170,000 a year
Required Qualifications & Skills
- Strong knowledge of iOS internals
- Proficiency in reverse engineering tools
- Expertise in static and dynamic code analysis
- Familiarity with secure coding practices
- Proficiency in iOS development tools (e.g., Xcode)
- Ability to exploit and remediate vulnerabilities
Desired skills:
- Knowledge of ARM assembly
- Experience with fuzz testing methodologies
- Familiarity with jailbreak development
- Understanding of malware analysis techniques
- Expertise in cryptographic protocols
- Proficiency in scripting for automation (e.g., Python)
- Proficiency in reverse engineering tools
- Expertise in static and dynamic code analysis
- Familiarity with secure coding practices
- Proficiency in iOS development tools (e.g., Xcode)
- Ability to exploit and remediate vulnerabilities
Desired skills:
- Knowledge of ARM assembly
- Experience with fuzz testing methodologies
- Familiarity with jailbreak development
- Understanding of malware analysis techniques
- Expertise in cryptographic protocols
- Proficiency in scripting for automation (e.g., Python)
Key Responsibilities
- Identify and analyze iOS vulnerabilities
- Develop mitigation strategies for discovered issues
- Conduct security assessments of iOS applications
- Perform reverse engineering of iOS binaries
- Collaborate with development teams to improve software security
- Document findings and recommend improvements
- Develop mitigation strategies for discovered issues
- Conduct security assessments of iOS applications
- Perform reverse engineering of iOS binaries
- Collaborate with development teams to improve software security
- Document findings and recommend improvements