Offensive Security Researcher — Android User Space & AI-Augmented Vulnerability Research
Description We are seeking an Offensive Security Researcher with a focus on Android user space security and a strong interest in applying AI/LLM-assisted workflows to advanced vulnerability research. The role involves identifying, analyzing, and exploiting vulnerabilities across Android user space components, including native services, system applications, framework components, IPC surfaces, media stacks, vendor customizations, and security-relevant platform integrations. In addition to hands-on vulnerability research, this role includes helping design and integrate AI-assisted workflows that support reverse engineering, code exploration, patch diffing, crash triage, root-cause analysis, variant discovery, fuzzing workflows, exploit development, and research knowledge management. This is not a prompt engineering role. We are looking for someone with real Android security research depth who wants to explore how LLMs and agentic AI systems can augment expert researchers working on complex mobile targets.
Responsibilities
Discover and analyze vulnerabilities in Android user space components, including native daemons, system services, framework layers, privileged applications, media components, and vendor-specific attack surfaces. Reverse engineer Android internals, proprietary components, vendor modifications, IPC mechanisms, binder interfaces, native libraries, and security boundaries. Analyze vulnerabilities involving memory corruption, logic flaws, privilege escalation, insecure IPC, unsafe deserialization, race conditions, permission model weaknesses, and sandbox escapes. Develop proof-of-concept exploits and produce clear, rigorous technical documentation. Track Android platform security mitigations and assess their effectiveness against real-world exploitation techniques. Use fuzzing, crash analysis, patch diffing, static analysis, dynamic instrumentation, and variant analysis to identify high-value vulnerability classes. Contribute to the design and integration of AI/LLM-assisted workflows for Android vulnerability research, including AI-assisted reverse engineering, code review, crash triage, root-cause analysis, patch analysis, and tool orchestration. Work with AI-enabled systems that interact with tools such as decompilers, debuggers, fuzzers, source-code indexes, static analysis frameworks, emulator environments, and Android build/test infrastructure. Evaluate where AI agents can meaningfully accelerate Android security research, and where human expertise, validation, and skepticism remain essential. Collaborate with vulnerability researchers, exploit developers, reverse engineers, and AI-focused engineers on high-impact offensive security projects.
Requirements
Strong expertise in C/C++, low-level programming, and Android native user space internals. Experience in reverse engineering, vulnerability discovery, fuzzing, and exploit development. Knowledge of Android architecture, including native services, Binder IPC, SELinux, system applications, framework components, permissions, sandboxing, and process isolation. Familiarity with Android user space attack surfaces such as media frameworks, Bluetooth, Wi-Fi, NFC, telephony, WebView, HAL interfaces, vendor daemons, privileged apps, or OEM customizations. Understanding of memory corruption primitives, logic bugs, IPC vulnerabilities, privilege escalation paths, sandbox boundaries, and modern mobile exploitation mitigations. Ability to analyze large and complex codebases independently, including AOSP and vendor-modified Android components. Experience with debugging, reverse engineering, and instrumentation tools such as GDB, LLDB, Frida, JADX, apktool, Ghidra, IDA Pro, Binary Ninja, ADB, sanitizers, emulators, or device-based testing setups. Strong scripting and automation skills, preferably in Python, JavaScript, TypeScript, Bash, or similar languages. Interest in AI-assisted vulnerability research, LLM tool use, agentic workflows, automated code analysis, AI-assisted reverse engineering, or AI-assisted fuzzing and triage. Ability to critically evaluate AI-generated output and separate useful research signals from hallucinations, noise, and false positives. Proven track record in Android vulnerability research, CVEs, exploit development, bug bounty research, mobile security research, or equivalent private research is highly valued.
Nice to Have
Experience discovering or exploiting vulnerabilities in real Android targets. Deep knowledge of one or more Android subsystems, such as Binder, media, Bluetooth, Wi-Fi, telephony, WebView, keystore, system_server, package manager, permission enforcement, or vendor HALs. Experience with AOSP source code, Android build systems, custom ROMs, firmware extraction, OTA analysis, or vendor patch diffing. Experience with coverage-guided fuzzing, harness development, corpus management, crash deduplication, emulator-based fuzzing, or device farm testing. Experience with patch diffing, variant analysis, exploit reliability, mitigation bypass research, or privilege escalation chains. Experience integrating LLMs or AI agents with tools such as Ghidra, IDA, JADX, Frida, CodeQL, Semgrep, fuzzers, debuggers, source-code indexes, or custom static/dynamic analysis systems. Experience working with local or restricted AI deployments, open-weight models, RAG systems, or secure environments where sensitive code and research artifacts cannot be sent to external services. Interest in building internal tooling that makes expert Android vulnerability researchers faster, more systematic, and more effective.