Android Security Engineer

Experience Level: 3+ years

Location: Hyderabad

Type: Full-time

Role Overview: We are looking for a highly skilled Android Reverse Engineer (Mid/ Senior Level) with a strong background in Android internals, reverse engineering, and mobile application security. You will be responsible for dissecting Android apps and SDKs, identifying potential security risks, and providing actionable insights to strengthen mobile ecosystem security. This position requires hands-on experience in reverse engineering, malware analysis, static/dynamic analysis, and tool development — along with an analytical mindset and a passion for understanding how complex mobile software works under the hood

Key Responsibilities:-

Reverse Engineering & Code Analysis: Perform in-depth static and dynamic analysis of Android applications and SDKs (including obfuscated and packed binaries). Utilize tools such as Ghidra, Jadx, IDA Pro, Frida, Burp Suite, Objection, and Xposed to reverse engineer APKs and native libraries (ELF binaries). Analyze app logic, SDK integrations, and network behaviors.

Threat & Risk Assessment: Identify data leaks, malicious code, privacy violations, and potential exploitation vectors in mobile apps and SDKs. Assess Android apps for compliance with Google Play policies and general mobile security best practices.

Tooling & Automation: Develop and maintain custom tools, scripts, and frameworks to automate static/dynamic analysis, unpacking, and threat detection workflows. Write signatures (e.g., YARA, Sigma) and contribute to internal knowledge bases and detection systems.

Research & Intelligence Gathering: Monitor emerging Android security threats, malware families, and exploit techniques. Utilize OSINT sources such as VirusTotal, ExploitDB, MITRE ATT&CK, and security research communities to stay current.

Collaboration & Reporting: Work closely with security researchers, engineers, and developers to communicate findings and recommend remediation strategies. Produce detailed technical reports, PoCs, and summaries for internal or client-facing use.

Continuous Learning: Keep abreast of Android OS updates, new security controls, and evolving attacker methodologies. Participate in CTFs, security challenges, or vulnerability research to enhance skills.

Required Skills & Experience:

• Core Technical Expertise: 3–5+ years of hands-on experience in Android reverse engineering, application security, or mobile malware analysis.
• Strong knowledge of Android internals, AOSP, app architecture, and Android security model. Experience analyzing and reverse engineering malicious applications or SDKs.
• Proficiency in static and dynamic analysis using tools such as Jadx, Ghidra, IDA Pro, Frida, Objection, and MobSF. Familiarity with native library (ELF) analysis and ARM/ARM64 assembly.
• Solid understanding of Java, Kotlin, C/C++, and JavaScript (bonus: Flutter/Dart).
• Working knowledge of network traffic analysis, interception proxies (Burp, mitmproxy), and protocol decoding.
• Understanding of SQL, cryptography fundamentals, authentication, root detection, anti-debugging, and packing/unpacking mechanisms.
• Security Knowledge: Knowledge of malware techniques, exploitation methods, and mobile security frameworks (OWASP MASVS, MSTG).
• Familiarity with threat intelligence and analysis of APT-related malware. Ability to develop custom detection logic, including YARA rules and heuristic signatures.
• Experience in vulnerability research, exploit development, or security code review. Hands-on Android app development experience (Java/Kotlin).
• Background in AdTech SDK analysis or content moderation systems.
• Participation in CTFs or bug bounty programs related to mobile security. Knowledge of Google Play security and developer policies.
• Familiarity with pentesting methodologies, Red/Blue Team operations, or forensics.

Required: 3–5+ years of relevant experience in Reverse Engineering, Android Security, or Application Penetration Testing. Preferred: Bachelor's/Master's degree in Computer Science, Computer Engineering, Information Security, or a related discipline.

Demonstrated contributions to open-source reverse engineering tools, malware analysis research, or technical security blogs.

Tools & Technologies (Practical Knowledge Expected) Reverse Engineering Tools: Jadx, Ghidra, IDA Pro, Frida, Objection, MobSF, Apktool, JADX, Androguard Debugging/Tracing: ADB, LLDB, gdb, strace, ltrace Static/Dynamic Analysis: Hopper, Radare2, JEB, Bytecode Viewer Networking: Burp Suite, mitmproxy, Wireshark Scripting Languages: Python, Bash, PowerShell OSINT & Threat Intel: VirusTotal, Hybrid Analysis, MITRE ATT&CK, Malpedia