
Responsibilities:
Perform reverse engineering and deep analysis of Android applications, with a focus on finance / banking apps.
Investigate and circumvent various anti-debugging, packing/protection, obfuscation, runtime-protection and anti-tampering mechanisms.
Analyze and reconstruct critical implementations such as financial protocols, data transmission logic, and encryption algorithms.
Produce high-quality technical documentation: protocol documentation, hook-point descriptions, reverse-engineering reports.
Work with the product security team to evaluate the security posture of third-party apps, and help define remediation or mitigation strategies.
Requirements:
Expert-level skills in Android reverse engineering, including but not limited to Dex decompilation, Smali analysis, and dynamic debugging (e.g. Frida / Xposed / JDWP).
Familiarity with architecture, logic, protection mechanisms, and communication protocols of mainstream banking/payment apps.
Solid understanding of network security: TLS/SSL, mutual authentication, custom/private encryption protocols, etc.
Proficiency with common reverse-engineering and security tools (e.g. IDA Pro, Ghidra, JEB, Frida, Objection, tcpdump, Wireshark).
Strong background in assembly (ARM/Thumb) and Smali; capable of independently analyzing obfuscated/packed Android code.
Understanding of Android internals is a plus (e.g. Zygote, ART, Binder).
Good team collaboration, documentation and technical communication skills.
Nice-to-have:
Prior real-world experience analyzing banking/finance apps.
Familiarity with Chinese domestic application protection solutions (e.g. BangBang, iJiami, Tencent LeGu) and bypass techniques.
Experience participating in CTFs, penetration testing projects or security assessments / red-team exercises.
Publications: security research articles, blog posts, open-source tools, etc.
Job ID: 135377361