Senior Security Researcher

The MSAB vision is to empower every investigation with digital forensic solutions – for a safer world. A core value is to run an ethics-driven company with innovation and results. MSAB is the global leader in digital forensic technology for mobile device examination and analysis. The sole focus of MSAB is on delivering high-quality digital forensic solutions to collect, review, analyze and manage data. MSAB is a trusted partner to law enforcement, defense forces, government agencies, and forensic laboratories in democratic countries throughout the world enabling them to investigate crime, gather intelligence, investigate fraud, and fight corruption.   

About the role

At MSAB we face some of the most challenging problems in vulnerability discovery and exploitation. We daily audit, attack and exploit some of the most secure systems available made by some of the largest companies in the world. Each day victims of crime are helped by our solutions and perpetrators are brought to justice. At MSAB we get the satisfaction of both attacking very difficult problems while also contributing to society in a positive way.

The senior security researcher will be responsible for identifying and exploiting vulnerabilities in embedded devices, primarily mobile devices. Together with the research manager you will identify interesting targets, enumerate attack surfaces, audit both binaries and source code in order to identify vulnerabilities and finally develop high reliability exploits for the identified vulnerabilities.

It is expected that you either have a body of published work ranging from a series of CVE identifiers to working exploits for said vulnerabilities, or can demonstrate experience with vulnerability identification and exploit development through a practical test.

It's possible to work from abroad with the right qualifications.

Responsibilities:

• Identify and exploit vulnerabilities in systems with a strong security posture.
• Be a team player and participate in an environment where information sharing is very important.
• Help guide less experienced MSAB security researchers and provide expert feedback on ongoing projects.

Requirements:

• Minimum of 5 years of professional experience in the security research field, or equally proven experience
• Demonstrated experience with identifying and exploiting software vulnerabilities in systems with a strong security posture, preferably mobile devices.

A strong understanding of:

• Source code auditing, primarily C, C++, AArch32 assembler and AArch64 assembler.
• Binary auditing, primarily AArch32 and AArch64 based systems.
• The Android or iOS operating system, applications and their various security systems.
• Fuzzing of both kernel space boundaries as well as user space parsers.