View all jobs
Vulnerability Researcher
Fully, RemoteAbout This Role
We are seeking a talented Vulnerability Researcher or Exploit Engineer to join our security research
team. This role focuses on discovering, analyzing, and demonstrating vulnerabilities in mobile platforms
(Android, iOS) and desktop operating systems (Windows). You will contribute to the development of
advanced security capabilities while working with cutting-edge tools and techniques in vulnerability
research, reverse engineering, and exploitation. Successful candidates will have demonstrable
expertise in at least one of our target platforms and a strong foundation in security principles.
CORE RESPONSIBILITIES
• Conduct security research on mobile (Android, iOS) and desktop (Windows) platforms to identify
novel vulnerabilities and attack surfaces
• Develop proof-of-concept exploits and technical demonstrations of discovered vulnerabilities
• Perform reverse engineering and binary analysis on platform code and third-party applications
• Analyze platform architecture, system libraries, and kernel components to understand security
mechanisms
• Document findings with technical depth, including vulnerability chain analysis and impact
assessment
• Contribute to the development of automated tools and frameworks for vulnerability discovery and
exploitation
• Collaborate with cross-functional teams to understand customer requirements and technical
constraints
• Stay current with platform updates, security patches, and emerging vulnerability classes
QUALIFICATIONS
Required
• Hands-on experience with at least one of the following platforms: Android, iOS, or Windows
• Strong understanding of operating system internals (kernel architecture, process management,
memory management, IPC mechanisms)
• Proficiency in reverse engineering tools and techniques (debuggers, disassemblers, binary
instrumentation)
• Experience with one or more programming/scripting languages (C, C++, Python, JavaScript,
Java, or assembly)
• Familiarity with common vulnerability classes and exploitation techniques (memory corruption,
logic flaws, permission bypass, etc.)
• Ability to communicate technical findings clearly in writing and through presentations
• Experience working in a security-conscious environment with proper handling of sensitive
vulnerability information
• US citizen with ability to obtain government security clearance
Preferred
• Published security research, public vulnerability disclosures, or relevant conference presentations
• Experience with mobile platform instrumentation and debugging (Frida, lldb, Android Studio
debugger)
• Expertise in wireless communications, messaging protocols (SMS, RCS, IMS), or network-level
attack vectors
• Proficiency with firmware analysis and hardware security concepts
• Experience with malware analysis and threat research
• Background in threat modeling and security architecture assessment
• Experience developing automation tools for security research (test harnesses, instrumentation
frameworks)
• Current TS/SCI security clearance
WHO THRIVES IN THIS ROLE
Skills and credentials matter, but the engineers who excel here share certain qualities that are difficult
to teach and impossible to fake:
• Comfort in chaos — you do your best work when requirements are incomplete, the environment is
unfamiliar, and the answer is not obvious
• Customer obsession with an engineering backbone — you care deeply about outcomes, and you
have the technical depth to deliver them
• Intellectual honesty — you tell customers and colleagues what is true, including when the honest
answer is uncomfortable or inconvenient
• Bias toward action — you make informed decisions quickly, execute, and adjust; paralysis under
ambiguity is not in your vocabulary
• Extreme ownership — you follow problems all the way to resolution, never stopping at the handoff
• Builder instinct — when something does not exist that should exist, you build it; when something
is broken, you fix it rather than file a ticket about it
• Restless curiosity — you go deep on customer domains, not just your own product, because you
understand that credibility is built on comprehension
• Clear, confident communication — you can hold your own in a boardroom and equally in a
terminal window; you adjust register without losing substance
We are seeking a talented Vulnerability Researcher or Exploit Engineer to join our security research
team. This role focuses on discovering, analyzing, and demonstrating vulnerabilities in mobile platforms
(Android, iOS) and desktop operating systems (Windows). You will contribute to the development of
advanced security capabilities while working with cutting-edge tools and techniques in vulnerability
research, reverse engineering, and exploitation. Successful candidates will have demonstrable
expertise in at least one of our target platforms and a strong foundation in security principles.
CORE RESPONSIBILITIES
• Conduct security research on mobile (Android, iOS) and desktop (Windows) platforms to identify
novel vulnerabilities and attack surfaces
• Develop proof-of-concept exploits and technical demonstrations of discovered vulnerabilities
• Perform reverse engineering and binary analysis on platform code and third-party applications
• Analyze platform architecture, system libraries, and kernel components to understand security
mechanisms
• Document findings with technical depth, including vulnerability chain analysis and impact
assessment
• Contribute to the development of automated tools and frameworks for vulnerability discovery and
exploitation
• Collaborate with cross-functional teams to understand customer requirements and technical
constraints
• Stay current with platform updates, security patches, and emerging vulnerability classes
QUALIFICATIONS
Required
• Hands-on experience with at least one of the following platforms: Android, iOS, or Windows
• Strong understanding of operating system internals (kernel architecture, process management,
memory management, IPC mechanisms)
• Proficiency in reverse engineering tools and techniques (debuggers, disassemblers, binary
instrumentation)
• Experience with one or more programming/scripting languages (C, C++, Python, JavaScript,
Java, or assembly)
• Familiarity with common vulnerability classes and exploitation techniques (memory corruption,
logic flaws, permission bypass, etc.)
• Ability to communicate technical findings clearly in writing and through presentations
• Experience working in a security-conscious environment with proper handling of sensitive
vulnerability information
• US citizen with ability to obtain government security clearance
Preferred
• Published security research, public vulnerability disclosures, or relevant conference presentations
• Experience with mobile platform instrumentation and debugging (Frida, lldb, Android Studio
debugger)
• Expertise in wireless communications, messaging protocols (SMS, RCS, IMS), or network-level
attack vectors
• Proficiency with firmware analysis and hardware security concepts
• Experience with malware analysis and threat research
• Background in threat modeling and security architecture assessment
• Experience developing automation tools for security research (test harnesses, instrumentation
frameworks)
• Current TS/SCI security clearance
WHO THRIVES IN THIS ROLE
Skills and credentials matter, but the engineers who excel here share certain qualities that are difficult
to teach and impossible to fake:
• Comfort in chaos — you do your best work when requirements are incomplete, the environment is
unfamiliar, and the answer is not obvious
• Customer obsession with an engineering backbone — you care deeply about outcomes, and you
have the technical depth to deliver them
• Intellectual honesty — you tell customers and colleagues what is true, including when the honest
answer is uncomfortable or inconvenient
• Bias toward action — you make informed decisions quickly, execute, and adjust; paralysis under
ambiguity is not in your vocabulary
• Extreme ownership — you follow problems all the way to resolution, never stopping at the handoff
• Builder instinct — when something does not exist that should exist, you build it; when something
is broken, you fix it rather than file a ticket about it
• Restless curiosity — you go deep on customer domains, not just your own product, because you
understand that credibility is built on comprehension
• Clear, confident communication — you can hold your own in a boardroom and equally in a
terminal window; you adjust register without losing substance