MSAB is a global leader in forensic technology for mobile device examination, with offices in Europe and in the USA, as well as a network of distributors across the globe. Our products are used by Police, Law Enforcement, Military, Government Intelligence Agencies and Forensic Laboratories in over 100 countries worldwide to investigate crime, gather intelligence, investigate fraud and fight corruption.
The company is based in Stockholm and has been listed on the Swedish Stock Exchange since 1999.
MSAB´s core beliefs:
- Pioneers in mobile forensics
- Top performance, evolving, rising to challenges and sharing our vast knowledge
- Friendly workplace, a happy employee means happy colleagues and clients
- Responsible for our customers, through honest and ethical work
About the role
At MSAB we face some of the most challenging problems in vulnerability discovery and exploitation. We daily audit, attack and exploit some of the most secure systems available made by some of the largest companies in the world. Each day victims of crime are helped by our solutions and perpetrators are brought to justice. At MSAB we get the satisfaction of both attacking very difficult problems while also contributing to society in a positive way.
The senior security researcher will be responsible for identifying and exploiting vulnerabilities in embedded devices, primarily mobile devices. Together with the research manager you will identify interesting targets, enumerate attack surfaces, audit both binaries and source code in order to identify vulnerabilities and finally develop high reliability exploits for the identified vulnerabilities.
It is expected that you either have a body of published work ranging from a series of CVE identifiers to working exploits for said vulnerabilities, or can demonstrate experience with vulnerability identification and exploit development through a practical test.
The position is based at MSAB’s head office in Stockholm, Sweden.
- Identify and exploit vulnerabilities in systems with a strong security posture.
- Be a team player and participate in an environment where information sharing is very important.
- Help guide less experienced MSAB security researchers and provide expert feedback on ongoing projects.
- Minimum of 5 years of professional experience in the security research field.
- Demonstrated experience with identifying and exploiting software vulnerabilities in systems with a strong security posture, preferably mobile devices.
A strong understanding of:
- Source code auditing, primarily C, C++, AArch32 assembler and AArch64 assembler.
- Binary auditing, primarily AArch32 and AArch64 based systems.
- The Android or iOS operating system, applications and their various security systems.
- Fuzzing of both kernel space boundaries as well as user space parsers.