Detection Researcher (iOS Focused)

Team: Research

Location: Spain (Remote), Argentina (Remote), Germany (Remote), Hungary (Remote), Italy (Remote), Netherlands (Remote), Riga, Latvia, Romania (Remote), United Kingdom (Remote)

Commitment: Full time

Workplace Type: remote

Key Responsibilities

• Research and analyze advanced detection bypass techniques (e.g., jailbreaking, hooking, and runtime application/system tampering) to assess threats to our detection systems.
• Evaluate and reverse-engineer tools and frameworks used to attack or evade our products, documenting findings and attack vectors.
• Lead and participate in structured brainstorming sessions to generate novel detection ideas and countermeasures.
• Design, prototype, and implement new detection techniques and algorithms for the iOS platform.
• Develop, maintain, and improve internal tooling and automation to accelerate analysis, triage, and detection development.
• Review and interpret forensic data provided by customers, produce clear technical reports, and provide actionable guidance and remediation support.
• Perform and contribute to internal penetration testing and adversary emulation of newly introduced security features to validate effectiveness.
• Write and publish technical blog posts to raise awareness of emerging security risks and share insights with customers and the wider security community.

Required Skills & Experience

• Proven ability to collaborate effectively within a team environment, including forming and leading focused sub-groups to deliver specific project features or research objectives.
• Strong knowledge of iOS operating system internals (e.g., sandboxing, code-signing), with a particular focus on runtime application security mechanisms and techniques for detecting system tampering and device compromise.
• Proficiency in reverse engineering using tools such as IDA Pro, Ghidra, Hopper, or equivalent, including experience writing scripts, leveraging their SDKs, and isolating and reporting technical issues.
• Demonstrated ability to think both offensively and defensively, approaching analysis tasks with the mindset of both an attacker and a defender.
• Solid programming experience in C, Python, Objective-C and Swift, with the ability to produce efficient, maintainable, and secure code.
• Good understanding of ARM64 assembly to develop really task specific and time critical functions.
• Experience in data analysis methods applied to the forensics investigations is considered a plus.
• Proficiency with debugging and dynamic binary instrumentation tools (e.g., LLDB, Frida, Objection, QBDI).
• Capability to reverse engineer proprietary protocols and interprocess communication mechanisms (e.g., XPC, mach messages, IOKit).
• Practical knowledge of jailbreak methods and iOS exploit classes (e.g., kernel exploits, sandbox escapes, code-signing bypasses), ideally experience in analyzing such exploits or exploit chains is a big plus.