Low Level Android Developer

Responsibilities

An indicative overview of the main daily activities for this job position are the following (but they are not limited only to these topics):

• Low level engineering and development of both Android (Java) and native code (mainly C++).
• Maintenance and support of an extensive project, currently in production. Project’s code base: C++ and Java. Supported platforms: multiple platform architecture, supporting both Android and iOS.
• Static and dynamic analysis of system and third party apps in Android ecosystem, core Android services, native daemons and libraries (RE, tracing, debugging, instrumentation, network monitoring etc.).
• Analysis and evaluation of the Android security model, both existing and new protections and mitigations.
• Research various topics, related to Android ecosystem and internals (user space or kernel), application layer, programming, obfuscation etc.
• Review and analysis of the Android open source project (AOSP) and framework.
• Documentation and knowledge sharing sessions with your teammates.
• Automated and manual tests to ensure high stability and performance of your implementations.
• Development of tools and utilities that will help the team to perform research tasks, automated testing and overall to speed up and streamline the maintenance and support of our product.

Expectations

We are looking for a low level software engineer with prior extensive experience (must) in the following areas and fields:

• Android and Linux ecosystem (Android and Linux internals, both user space and kernel. Android security model, protections and mitigations, Android application sandboxing model. Android Runtime (ART): core libraries, Dalvik VM. HAL layer: hardware related libraries, services and processes, core Android services).
• Low level programming (C/C++, Assembly ARM64/ARM64-v8a, Android NDK, system API/syscalls, native libraries, JNI Interface).
• High level programming (Android framework, Android API, Android SDK. Programming languages: Java/Kotlin).
• Debugging native and Android apps/Java code (GDB, LLDB, Java debugger, remote debugging, ADB).
• Reverse engineering both native binaries and Android apps (IDA Pro/Ghidra/GDB/binary Ninja, jadx, apktool, dex2jar, understanding ARM64 assembly, byte code, Smali).
• Dynamic analysis and instrumentation (Frida, hooking, app calls and system calls tracing, network traffic inspection, Burp Suite).
• Cryptography fundamentals: symmetric and asymmetric algorithms, hash functions, encoding. Utilizing such algorithms to ensure confidentiality and integrity of data in your projects.
• Network fundamentals: TCP/IP, OSI Model, major protocols and their underlying fundamentals, like TCP, UDP, HTTP(S)/TLS/mTLS.
• Familiar with procedures for rooting, firmware updates and flashing ROMs.

Bonus points if the candidate has prior experience or if familiar with the following topics:

• Development for hardware, embedded systems. Kernel modules/extensions.
• Offensive security: post exploitation techniques, shellcoding, code/library injection techniques, process instrumentation and hooking, control flow manipulation, obfuscation, anti-debugging/analysis techniques, manual library loading and linking, parsing ELF format).
• Scripting languages for automation: Python, Bash.
• DevOps fundamentals: CI/CD pipelines, Git, Git Workflows, Dockers, Docker Compose, Jenkins, Bamboo from Atlassian.