R&D – Android Vulnerabilities

Apply Now

Environment

Within Quarkslab, the services / R & D part carries out projects, internal or external, around the following themes:

  • reverse engineering: understanding how a program works without having the source code;
  • cryptography: analyze or design cryptography in applications to increase security properties;
  • vulnerabilities: assess the robustness of a target, search for vulnerabilities and develop exploits;
  • hardware and software security: working on Systems on Chip, designing software and hardware architectures to increase our capabilities.

These projects are carried out in various technical environments, from general public OS to dedicated SOCs up to hardware. We focus on the internal mechanisms of these systems with specific tools (see our public tools such as Triton, LIEF or QBDI).

Responsibilities You will be expected to:

  • Develop a multi-tier distributed system in timely manner meeting or exceeding Quarkslab’s quality bar.
  • Participate in and sometimes organize the software development activities of the team.
  • Evaluate and propose architectural improvements and code refactoring.
  • Provide technical leadership and guidance in your areas of expertise.
  • Contribute to the professional growth of your team mates.
  • Understand, describe and communicate technical challenges in simple and precise terms.

Mandatory Skills

  • At least 3 years of experience in security, hands in grease.
  • Practical experience, in the context of employment or self-driven initiative or both
  • English written and spoken, another language bonus.

Appreciated Skills

  • Experience (s) in other areas of security than those described in the offer.
  • Example: experiment with hardware debug or interfaces (eg JTAG, UART, I2C, etc.).
  • Knowledge of several architectures or operating systems.
  • Publication (s), lecture (s), training (s) given or received, CVE, bug bounties.
  • Contributions to open source projects (development, tools, reverse engineering, etc.).
  • Participation in challenges or CTFs.

What does Quarkslab offer?

As part of our projects, we have to work on many Android components, from the Bluetooth stack to drivers passing for secure boot, TZ or applications.

  • Experience creating and conducting vulnerability scanning campaigns in the Android environment.
  • Knowledge of Android’s internal components: System Server, Service Manager and Binder.
  • Ability to develop exploits in kernel space or user.
  • Eager to R & D to contribute to our tools or discover new techniques.
  • By the way (and wanting to stay) the latest developments in the Android system.