Job Title:
Reverse Engineer (Android)About Trellix
Trellix is a global company redefining the future of cybersecurity. The company’s comprehensive, open, and native cybersecurity platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through artificial intelligence, automation, and analytics to empower over 50,000 business and government customers with responsibly architected security. More at https://trellix.com.
Role Overview:
Android Reverse EngineerIn support of our global Android Reverse Engineering program, we seek highly skilled Android App and SDK Reverse Engineers to join our team. This role will involve analyzing and deconstructing Android applications and SDKs to identify potential security risks and gain insights into their underlying functionality.
Trellix is a global company redefining the future of cybersecurity. The company’s comprehensive, open, and native cybersecurity platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through artificial intelligence, automation, and analytics to empower over 50,000 business and government customers with responsibly architected security. More at https://trellix.com.
Deep Dive Analysis: Conduct in-depth analysis of Android applications and SDKs to understand their codebase, architecture, functionality and to identify potential risks.
Reverse Engineering Techniques: Employ advanced reverse engineering techniques to extract information from various codebases, including decompilation, disassembly, and debugging.
Risk Identification: Identify user and device risk, data leakage, and malicious code execution within Android apps and SDKs.
Threat Intelligence: Gather, analyze and report threat intelligence related to Android malware, exploits, and emerging security trends.
Collaboration: Collaborate with security researchers, developers, and other stakeholders to share findings, provide recommendations, and contribute to the development of secure applications and ecosystem.
We require a minimum of 3 - 5+ years of expertise in one or more of the following: Android Development, Reverse Engineering, Pentesting, Application Security Assessments, Capture the Flag (CTF).
Our Android Reverse Engineering Program also requires hands on experience with the following:
Analyzing, unpacking, and reverse engineering code of malicious applications or SDKs.
Static and Dynamic Analysis Techniques
Reverse Engineering tools such as Jadx, Ghidra, Frida, IDA Pro, Burp, to perform binary and APK analysis
Java, Kotlin, JavaScript, Flutter, and other mobile software languages
ELF (Native Binaries) reverse engineering
Development of signatures (SQL, Yara, etc.)
An understanding of the following topics will be greatly appreciated and utilized:
Android Fundamentals such as Android activity lifecycles, common Android API usage, AOSP, and how an Android application is created.
Techniques utilized by malicious applications to harm the user’s device or their data
Mobile App store policies (Ads, PHAs, Developer, etc.)
Network traffic analysis; security fundamentals
Research on threats such as APT using Open-Source Intelligence (Virus Total, Web, ExploitDB, MITRE, etc.)
Encoding and Cryptography
Authentication mechanisms and security
Device rooting
Complex frameworks and application packers
Company Benefits and Perks:
We believe that the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.
Retirement Plans
Medical, Dental and Vision Coverage
Paid Time Off
Paid Parental Leave
Support for Community Involvement
We're serious about our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.
Our Commitment to You:
At Trellix, we are committed to creating a safe and trustworthy experience for our customers, employees, and candidates. Please be aware that fraudulent recruiting activity can occur through fake job postings or impersonated communications.
Trellix conducts interviews through professional channels only and does not use text messages, instant messaging, or group chats for interviews. We will never request sensitive personal information—such as your date of birth, Social Security number, or national ID number—during the interview process.
Trellix also does not require candidates to pay fees, purchase products or services, or process payments of any kind as part of the recruiting or hiring process. And Trellix will never keep any original work authorization documents that we may be required to review during the hiring process.