Login Sign Up
🔔 FCM Loaded

Senior Android Security Researcher

YAL.ai

5 - 10 years

Hyderabad

Posted: 12/02/2026

Getting a referral is 5x more effective than applying directly

Job Description

Android Security Researcher (Advanced Mobile Exploitation & Defense)


Company: YAL

Location: Hyderabad, India

Employment Type: Full-time

Salary: Competitive


About YAL

YAL is building a secure communication and discovery platform focused on protecting users in environments exposed to advanced mobile threats, targeted exploitation, malware, spyware, and surveillance-grade attacks.

Security at YAL is a core engineering discipline, not an afterthought. We are forming a high-caliber mobile security research team to identify, simulate, and defend against real-world Android attack techniques used by sophisticated adversaries.


Role Overview

As an Android Security Researcher, you will conduct deep offensive and defensive mobile security research, focusing on Android applications, runtime behavior, and advanced exploitation patterns relevant to secure communication and discovery use cases.

This role is intended for researchers who understand how modern mobile exploits work at both application and system levels, and who can translate that understanding into strong defensive architecture.


What You Will DoOffensive Security & Exploit Research
  • Reverse engineer Android applications (APK, DEX, native .so)
  • Identify and exploit:
  • Authentication and authorization flaws (IDOR, logic errors)
  • Exported activities, services, and broadcast receivers
  • Intent injection and IPC misuse
  • WebView vulnerabilities and unsafe JavaScript bridges
  • Perform runtime analysis and manipulation using:
  • Frida, Objection, Xposed, Magisk
  • Research advanced client-side attack surfaces affecting communication and discovery flows, including:
  • Media parsing and file-handling vulnerabilities
  • Message, notification, and call-triggered attack paths
  • Multi-stage exploit logic combining multiple weaknesses
  • Analyze real-world Android malware, spyware, and targeted attack techniques


Advanced Threat & Pegasus-Class Awareness

You are expected to understand and reason about attack patterns associated with surveillance-grade mobile exploitation, such as:

  • Zero-interaction or minimal-interaction attack vectors
  • Exploitation through media processing, message handling, or call setup logic
  • Abuse of trusted native libraries and client-side components
  • Post-compromise techniques including persistence, evasion, and stealth
  • Bypassing runtime inspection and application-level security controls
This role focuses on defensive understanding and mitigation of these attack classes, not offensive spyware development.
Defensive Engineering & Hardening
  • Design protections against:
  • Runtime hooking and instrumentation frameworks
  • Tampered or repackaged APKs
  • Credential, token, and cryptographic key extraction
  • Build and validate:
  • Runtime integrity verification mechanisms
  • Anti-tampering and anti-debugging strategies
  • Secure:
  • Local storage and encrypted databases
  • Cryptographic key usage via Android Keystore
  • Media, file, and discovery-related data processing pipelines
  • Assess and secure on-device ML / TFLite models against extraction and manipulation
  • Work closely with Android engineers to deliver secure-by-design implementations
Android Platform Knowledge
  • Android sandbox, permission model, and process isolation
  • AOSP fundamentals, Binder IPC, and SELinux
  • Android signing schemes (v2 / v3 / v4)
  • Native/JNI basics and ARM64 familiarity
  • Understanding of Android system services and appsystem interaction
Tools & Skills
  • JADX, APKTool, MobSF
  • Frida, Objection, Drozer
  • ADB, logcat, strace
  • Burp Suite / Charles Proxy
  • Ghidra or IDA Pro for native analysis
  • Rooted devices, emulators, and controlled test environments
Strongly Preferred Qualifications

We highly value candidates with proven high-impact security research experience, including:

  • Top 100 rankings on competitive platforms such as:
  • HackerOne
  • Bugcrowd
  • Synack Red Team
  • Intigriti
  • Public vulnerability disclosures in Android or mobile applications
  • CVEs, high-severity bug bounty reports, or advanced technical writeups
  • Experience researching security-sensitive or large-scale mobile platforms
Exceptional researchers without public rankings are encouraged to apply if their technical depth is strong. Nice to Have
  • Mobile CTF background (Android, reversing, exploitation)
  • Experience analyzing VoIP, media parsers, or native libraries
  • Research exposure to advanced mobile malware or targeted attacks
  • Blogs, talks, or open-source contributions in mobile security
What This Role Is Not
  • Not a compliance or policy-only role
  • Not limited to automated scanning or checklist security
  • Not a junior or entry-level application security position

This role is for researchers who understand real-world attack behavior and design defenses accordingly.

Interview Process
  • Practical Android reversing challenge
  • Runtime analysis or exploitation reasoning exercise
  • Secure design discussion focused on advanced mobile threat models
  • No algorithm puzzles or theory-only interviews

Services you might be interested in

Improve Your Resume Today

Boost your chances with professional resume services!

Get expert-reviewed, ATS-optimized resumes tailored for your experience level. Start your journey now.

getmereferred logo Know more