Junior mobile application penetration tester - eShard
We are hiring!
eShard is a global, independent company with world-class expertise in security for embedded and mobile products (including embedded software security, Trusted Execution Environment, embedded cryptography attacks). Companies like Google, Visa, NXP and other leading vendors around the world trust in us, our solutions and services. eShard ambitions to be at the forefront in cyber-security, specialising in ICs, mobile apps and backend systems.
We have engaging/challenging projects in a supportive work environment centered around (facilitating) knowledge sharing in a team. As part of strengthening our technical team, we are looking for a self-motivated individual able to look after security testing on mobile applications and managing the remediation of the findings.
Do you have experience in working with customers to demonstrate security testing results, explain the threat presented by the results, and consult on remediation? Are you ready to take part in an international, technically diverse and experienced team to help customers improve the security of their products? Are you looking for a challenging yet open and agile work environment?
This position is particularly dedicated to passionate mobile application penetration testers, keen to take the chance of growing and enhancing our penetration testing service in close cooperation with our Service Leader.
Your work and motivation will significantly contribute to eShard success.
Your day-to-day at eShard for this position
Our team of experts constantly work on various topics, such as hardware instrumentation, cryptography analysis and reverse engineering of mobile applications etc. When they come to you in order to work on vulnerability assessment activities of mobile applications, you jump into your role and conduct penetration testing. You like exchanging with the experts to see how our/eShard services can be improved to provide excellence towards our customers.
As part of our roadmap, you and the team will develop meaningful metrics to reflect the true security posture of the environment, allowing the customer to make educated decisions based on risk. For this, you closely work with the Service Leader who provides guidance and expertise to produce actionable penetration testing reports.
You are in charge of performing security design reviews and secure code reviews. During efficient and crisp meetings with the team, you look for ways to exploit vulnerabilities and design solutions to take remedial action. You are also responsible to do research with the aim to break the most recent security frameworks for mobile applications.
You are in charge of developing test modules for our SaaS mobile security testing platform (esChecker). In doing so, you also contribute to Open Source projects.
You will work either remotely or from our office in Pessac, France; it’s important to have a place of work to meet and hang out. Parts of a project may require interacting with customers all over the world. Our office culture is highly technical, our organisation fairly flat and our mindset flexible.
Within eShard, you are excited about developing your skills and knowledge in an international and highly dynamic technical environment.
What describes yourself includes:
- You have experience in reverse engineering and/or malware analysis and in reversing Android/iOS applications
- You have experience with DBI (like Frida)
- You have experience with bypassing client-side protections (root detection, hooking detection, etc.)
- You have experience in reversing heavily obfuscated applications (Java, C/C++, Swift, ObjC preferably)
- You have experience in reversing cryptographic mechanisms (secure storage, etc.)
- You have in-depth knowledge in OS and security mechanisms (system calls, sandboxing, secure enclave, etc.) and in AARCH64 assembly code
- You have the ability to use Vulnerability assessment tools skillfully
- You are accomplished in at least one programming language
- You have a solid understanding of exploit code
- You love development in the following languages: Python
- You have good spoken and written communication to explain your methods to a technical and non-technical audience (French & English) to be able to support our French and English speaking customers
- You have the sense of attention to detail, to be able to plan and execute tests while considering client requirements
- You have the ability to think creatively and strategically to penetrate security systems
- You have good time management and organisational skills to meet client deadlines
- You have ethical integrity to be trusted with a high level of confidential information
- You have the ability to think laterally and ‘outside the box’
- You enjoy teamwork to support colleagues and share techniques
- You have exceptional analytical and problem-solving skills
You work in a proactive manner and make sure that everyone is engaged and works well together. You take initiatives to make sure eShard core values are enforced and consistent with the different actions and to build a strong team spirit.
- Competitive compensation package
- Flexible working hours, remote-friendly environment
- Strong focus on personal development
- High performance office equipment
- Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
- Meal Vouchers
- Annual company outing plus snacks and drinks
- eShard is an ambitious internationally-focused company developing with a strong innovation path in cyber-security. A particular area of strength is the security expertise for embedded and mobile products (including embedded software security, Trusted Execution Environment, embedded cryptography attacks).
- Our highly educated R&D teams are continuously analyzing current and potential security threats; it enables us to be at the state of the art of attacks and protection or beyond it.
- We think that great software is important for security, that’s why we are selling high value software that is first in class.
- We help customers put the right amount of security in their product, and validate that with practical tests.
- Everyone working at eShard embodies our 4 values: Excellence, Trusted, Collaborative and Disruptive. Our corporate culture is highly technical, our organisation fairly flat and our mindset flexible.
- Our main office in Pessac, France has been around since 2015, but we have satellite offices in Marseille, Singapore and Germany.
- eShard provides an attractive remuneration package including an incentive plan and good health insurance.
Send your resume and motivation letter here.