Vacancies

Responsibilities

• Carry out tasks assigned to the team, including the research of the Android kernel, the reverse-engineering of closed-source components, the debugging of smartphones, the verification of existing vulnerabilities and proof-of-concepts for exploitability, the writing of fully functional exploits, and the chaining of exploits.
• Participate in the testing process of finished exploits, modify and update them as new software versions are released.
• Offer insights to the team and participate in discussions on new developments and research.

Key Requirements

• Ability to be a quick learner, to analyse large volumes of disparate information and synthesise them into specific knowledge, mastery of systems thinking.
• Ability to work and make decisions in the context of limited available information, lack of fear in setting hypotheses, testing them and rejecting unworkable ideas.
• Ability to focus on time-consuming tasks requiring up to several months to complete.

Requirements

• Proven track record of writing exploits for critical vulnerabilities (remote code execution, privilege escalations) in the Android kernel over the last year.
• Understanding of the architecture and internals of Android and Linux kernels.
• Knowledge of currently relevant vulnerability classes and mitigations.
• Proficiency in technical tools such as C/C++, ARM assembler, Java, Android debugger, Ghidra, IDA Pro, etc.
• Ability to find vulnerabilities in software and knowledge of Kotlin and JavaScript will be your advantage.
• English proficiency on the level of reading technical documentation and communicating with the team.

What We Offer

• Competitive salary and payments based on your qualifications, along with bonuses for each exploit developed.
• Fully remote work on a contract basis, and flexible schedule.
• Professional development and career growth opportunities in one of the most technically challenging areas of information security.
• For the internal researcher position, see our Russian language version of the vacancy.

Responsibilities

• Carry out tasks assigned to the team, including the research of one of modern browsers, the verification of existing vulnerabilities and proof-of-concepts for exploitability, the writing of fully functional exploits, and the chaining of exploits.
• Participate in the testing process of finished exploits, modify and update them as new software versions are released.
• Offer insights to the team and participate in discussions on new developments and research.

Key Requirements

• Ability to be a quick learner, to analyse large volumes of disparate information and synthesise them into specific knowledge, mastery of systems thinking.
• Ability to work and make decisions in the context of limited available information, lack of fear in setting hypotheses, testing them and rejecting unworkable ideas.
• Ability to focus on time-consuming tasks requiring up to several months to complete. The ability to maintain productivity and keep going even when a task seems impossible.

Requirements

• Proven track record of writing exploits for critical vulnerabilities (remote code execution, privilege escalation, mitigation bypass) in one of the popular browsers (Chrome, Safari, Firefox, Samsung Internet, Edge) over the last year.
• Understanding of the architecture and internals of the modern browsers, skills of working with one of the JavaScript engines (V8, WebKit, SpiderMonkey), JIT, DOM, WebAssembly, CSP, CORS.
• Knowledge of currently relevant vulnerability classes and mitigations such as PAC, JITCage, V8 Sandbox.
• Proficiency in technical tools such as C/C++, JavaScript, WASM, GDB, LLDB, WinDbg.
• Will be your advantage: ability to search for browser vulnerabilities, knowledge of Java and Objective-C languages, experience with exploitation of WebGL and ANGLE, experience with Frida, Valgrind, Angr, presence of published research on browser exploitation.
• English proficiency on the level of reading technical documentation and communicating with the team.

What We Offer

• Competitive salary and payments based on your qualifications, along with bonuses for each exploit developed.
• Fully remote work on a contract basis, and flexible schedule.
• Professional development and career growth opportunities in one of the most technically challenging areas of information security.
• For the internal researcher position, see our Russian language version of the vacancy.

Responsibilities

• Carry out tasks assigned to the team, including the software security research, the reverse engineering of closed source components, the development of static and dynamic analysis tools, the verification of existing vulnerabilities and proof-of-concepts for exploitability, the writing of fully functional exploits, and the chaining of exploits.
• Participate in the testing process of finished exploits, modify and update them as new software versions are released.
• Offer insights to the team and participate in discussions on new developments and research.

Key Requirements

• Ability to be a quick learner, to analyse large volumes of disparate information and synthesise them into specific knowledge, mastery of systems thinking.
• Ability to work and make decisions in the context of limited available information, lack of fear in setting hypotheses, testing them and rejecting unworkable ideas.
• Ability to focus on time-consuming tasks requiring up to several months to complete. The ability to maintain productivity and keep going even when a task seems impossible.

Requirements

• Proven track record of conducting research, reverse engineering, or working as a telecommunications (telco) engineer in one of the following areas: cellular, Wi-Fi, Bluetooth, NFC.
• Understanding of the architecture of system-on-a-chip (SoC).
• Experience in finding bugs or exploiting vulnerabilities in one of the on-a-chip systems: Qualcomm Snapdragon, MediaTek, Samsung Shannon, Exynos, Infineon, HiSilicon Kirin, UniSoc, OsmocomBB, etc.
• Knowledge of SS7, GSM/2G, GPRS, EDGE, UMTS/3G, LTE/4G, 5G, cdmaOne, CDMA2000, etc. standards, understanding of the device of cellular networks.
• Will be your advantage: experience working with SDR (HackRF, bladeRF, USRP), base stations (OpenBTS, YateBTS, OpenLTE), RTOS (QNX, VxWorks, FreeRTOS, ThreadX, etc.), Hexagon DSP, Qualcomm AMSS, Keysight UXM, experience operating embedded devices and SIM card security research.
• English proficiency on the level of reading technical documentation.

What We Offer

• Competitive salary and payments based on your qualifications, along with bonuses for each exploit developed.
• Fully remote work on a contract basis, and flexible schedule.
• Professional development and career growth opportunities in one of the most technically challenging areas of information security.
• For the internal researcher position, see our Russian language version of the vacancy.