01-Responsibilities:
- Responsible for the development and improvement of a vulnerability mining platform.
- Engaged in research on new technologies for exploiting vulnerabilities.
- Stay updated with the latest global security trends, understand advanced attack techniques, and complete analysis reports.
02-Qualifications:
- Bachelor’s degree or higher (outstanding conditions can be considered for exceptions).
- Knowledge of Android security basics: root , SELinux, APK signing, screen locks (including FaceID/fingerprint/PIN/password bypass), OTA updates, etc.
- Familiarity with common vulnerability principles: experience in successful vulnerability mining/exploitation of heap overflow, UAF (Use-After-Free), process injection, privilege escalation, etc.
- Knowledge of operating system principles, understanding of ARM architecture; skilled in Java/C/C++ development, knowledgeable about packaging, decompiling, and cracking processes; familiar with shell unpacking, obfuscation countermeasures; experienced in Ollvm obfuscation and practical counter-strategy; skilled in Android device fingerprinting and environmental analysis countermeasures.
- Proficiency in exploitation techniques, including but not limited to cross-cache attacks, heap groom, file/process injection, GPU vulnerability exploitation, mitigation bypass , etc.
- Additional beneficial security skills: cryptography, security protocols, reverse engineering, fuzzing.
- Preference for candidates with published papers in leading conferences or journals in the field, or winners of prestigious competitions like Pwn2Own, Tianfu Cup, etc.
03-Benefits:
- Laboratory research environment equivalent to or better than Major/Big companies, purely focused on research.
- Opposing 996 work culture, implementing a 4+1 work schedule (4 days in the office, 1 day remote work from home per week).
- An international office atmosphere with employees from ALL around the world.
- An international office setting with a diverse global team.