01-Responsibilities:
• Responsible for the development and improvement of a vulnerability mining platform.
• Engaged in research on new technologies for exploiting vulnerabilities.
• Stay updated with the latest global security trends, understand advanced attack techniques, and complete analysis reports.
02-Qualifications:
• Bachelor's degree or higher (outstanding conditions can be considered for exceptions).
• Knowledge of Android security basics: root , SELinux, APK signing, screen locks (including FaceID/fingerprint/PIN/password bypass), OTA updates, etc.
• Familiarity with common vulnerability principles: experience in successful vulnerability mining/exploitation of heap overflow, UAF (Use-After-Free), process injection, privilege escalation, etc.
• Knowledge of operating system principles, understanding of ARM architecture; skilled in Java/C/C++ development, knowledgeable about packaging, decompiling, and cracking processes; familiar with shell unpacking, obfuscation countermeasures; experienced in Ollvm obfuscation and practical counter-strategy; skilled in Android device fingerprinting and environmental analysis countermeasures.
• Proficiency in exploitation techniques, including but not limited to cross-cache attacks, heap groom, file/process injection, GPU vulnerability exploitation, mitigation bypass , etc.
• Additional beneficial security skills: cryptography, security protocols, reverse engineering, fuzzing.
• Preference for candidates with published papers in leading conferences or journals in the field, or winners of prestigious competitions like Pwn2Own, Tianfu Cup, etc.
03-Benefits:
• Laboratory research environment equivalent to or better than Major/Big companies, purely focused on research.
• Opposing 996 work culture, implementing a 4+1 work schedule (4 days in the office, 1 day remote work from home per week).
• An international office atmosphere with employees from ALL around the world.
• An international office setting with a diverse global team
