Review of applications and SDKs to detect malicious or inappropriate behavior by analyzing, unpacking and reverse engineering software that compromises Android devices.
Static and Dynamic Analysis
Experience with Reverse Engineering tools such as Jadx, Ghidra, Frida, IDA Pro, Burp Suite, to perform binary and APK/SDK analysis
Code reviews for security policy violations, vulnerabilities, or improper coding practices
Experience with Java, Kotlin, JavaScript, and other mobile software languages. Ability to
Ability to write complex reports for consumption of non-technical audiences,
Ability to collaborate, work with others as a team.
Understanding of the following topics:
In depth understanding of Android Internals
Java Programing Language
Techniques utilized by malicious software to tamper with user devices and make removal more difficult.
Android Security Topics
Mobile App store policies (Ads, PHAs, Developer, etc.)
Ability to read, comprehend and analyze source code software
Additional:
Development of signatures (Yara, etc.)
Research on threats such as APT using Open-Source Intelligence (Virus Total, Web, ExploitDB, MITRE, etc.)
In depth knowledge of security engineering and analysis topics, computer and network security, cryptography, authentication security, rooting, packing, network protocols and interception