Senior/ Lead Security Researcher

Summary of Role

V-Key is one of the world’s leading deep-tech companies in mobile cyber-security. Our patented technology V-OS has been deployed by top banks, mobile payment providers, and governments to secure software solutions and protect more than 500 million users globally. 

We are rapidly expanding into new markets and new customer segments. Apart from securing digital transactions for everyone, we are also enabling new generation technology by providing the cyber-security infrastructure for banking, government and smart homes, among many others.

At V-Key, we are building towards a future where technology users can enjoy unprecedented security and convenience.

We are looking for a (Senior or Lead) Security Researcher, as part of the Product Security Team. Your primary focus will be to work with the team on cutting-edge Research and Development (R&D) of threats on mobile phones to develop innovative products and solutions to defend against such threats.

Duties and Responsibilities

• Research into threats (such as root/jailbreak and hiding thereof, app tampering, runtime tampering, etc.) in mobile phone operating systems and applications on Android / iOS / Harmony OS Next.
• Work with the team to develop protection mechanisms through reverse engineering, vulnerability research, exploitation and mitigation techniques and mobile/embedded development.
• Work with the team to perform penetration test on V-Key’s products and applications.
• Work with the team to script attacks and defences for mobile devices in general and for mobile applications.
• Develop customer-facing security attack and defense demonstrations.
• Work with the team on security solutions architectures involving not just the mobile device, but also other networked components, leveraging authentication protocols (OAuth2, FIDO2, etc.), and understanding and assessing cryptographic protocols and algorithms as needed.

Requirements

• Should have 5+years of experience into this relevant field.
  
• Good understanding of operating system internals (one or more of Android, iOS, Harmony OS Next, Linux, etc.) and app development (especially mobile).
• Familiar with rooting/jailbreaking, runtime tampering, app tampering, and tools that can be used to hide them.
• Familiar with attack and reverse engineering tools such as Frida, Theos, Ghidra, and IDA Pro.
• Familiar with web VAPT tools like Burp Suite.
• Familiar with how various tools/methodologies work, allowing innovation and creative solutions, not just comfortable using the tools as is.
• Good understanding of threat modelling, including familiarity with at least one threat modelling framework.
• A strong self-starter and able to work with minimal supervision, while still receptive to suggestions and ways to improve.
• Project ownership on selected projects.
• Guidance/mentorship of junior security researchers.
• Detail oriented with a strong focus on quality.
• Systematic and methodical in research and testing, while being creative and innovative.
• Ability to work in a dynamic, fast moving and growing environment.
• Positive work attitude, proactive and highly driven.
• Critical thinker and problem-solving skills.
• Team player with great interpersonal and communication skills.

Nice to have

• Degree in Computer Science, Information Systems, Math (especially related to cryptography) or related field.
• Certifications related to information security, ethical hacking, security solution design.
• Have built tools/scripts to help with various security research tasks.