Android Reverse Engineer Jobs in San Jose, CA (NOW HIRING)

The DDoS threat landscape has crossed a threshold. Botnets like Aisuru and Kimwolf-comprising millions of compromised Android TV and IoT devices and capable of attacks exceeding 24 Tbps and 9 billion packets per second-are no longer edge cases. They are the baseline.

Defeating these threats requires more than external observation. It requires deep visibility into how they are built, how they execute on the wire, and what that means for the systems designed to stop them.

This role sits at the intersection of binary exploitation research and real-world defensive impact. You will reverse engineer active IoT botnet malware, translate findings into detection logic and packet-level attack signatures, and work across engineering, product, and research to ensure insights directly improve detection and customer defense.

What you will do

• Reverse engineer IoT botnet malware families (Mirai lineage, Go-based L7 flooders, multi-architecture binaries) to understand attack behavior at the implementation and network level. You will reconstruct command structures, decode obfuscation, recover control flows from stripped binaries, and build precise models of how attacks manifest on the wire

• Perform dynamic malware analysis in sandboxed and purpose-built lab environments to validate static analysis and observe runtime behavior

• Design and contribute to novel detection and mitigation approaches based on malware internals and traffic behavior

• Collaborate with AI/ML teams to integrate automated analysis into research workflows. This is not passive tool usage-you will actively shape how automation is applied to real malware analysis problems

• Partner with product engineering to translate research into shipped detection capabilities

• Lead external-facing research: threat reports, technical blogs, and conference presentations. At principal level, you own the narrative and direction of research output

• Engage directly with customers in post-incident analysis, architectural guidance, and strategic threat briefings-clearly explaining both attacker behavior and defensive actions

• Work alongside senior researchers focused on IoT botnets and large-scale DDoS systems, contributing to and benefiting from a deeply technical peer environment

What you need

• Strong foundation in binary reverse engineering using tools such as Ghidra or IDA, including static analysis across multiple architectures and experience with stripped binaries and compiler-generated code; you should be comfortable working close to raw assembly and control flow, not dependent on tooling abstraction

• Hands-on experience with dynamic malware analysis in sandbox or isolated lab environments, using runtime observation to validate and extend static findings

• Working proficiency in Python and Go

• Strong understanding of network protocols at the implementation level, including the ability to interpret PCAPs and reconstruct protocol behavior

• Familiarity with DDoS botnet architectures (e.g., Mirai lineage or equivalent), ideally with direct analysis of binaries rather than secondary reporting. Experience tracking variant evolution across malware families is a strong plus

• Ability to communicate complex technical findings clearly across engineering, product, and customer audiences; at this level, communication quality is a core part of technical impact

Nice to have

• Experience with high-performance packet processing or mitigation systems at the network and transport layers

• Experience analyzing Go binaries in depth

• Exposure to malware source code

• Experience applying ML-assisted or vector-based approaches to malware classification, clustering, or lineage attribution

Tools & environment

Ghidra(headless + GUI), Capstone,GoReSym Python 3, Go,Scapy,tsharkAny.run, Joe Sandbox, Cuckoo (or equivalent) custom detonation lab infrastructure honeypot infrastructure MalwareBazaar,VirusTotal macOS or Linux

AI Use Guidelines for Interviews:Our interviews are designed to reflect your own skills and thinking. The use of AI or recording tools during live interviews is not permitted unless explicitly invited by the interviewer or approved in advance as part of a reasonable accommodation. If these tools are used inappropriately or in a way that misrepresents your work, your application may not move forward in the process.