Reverse engineer binaries using tools such as IDA Pro, Ghidra, or Binary Ninja to identify novel ... Linux, Android, macOS, or iOS). * Experience auditing large C/C++, Java, and .NET codebases ...
Reverse engineer binaries using tools such as IDA Pro, Ghidra, or Binary Ninja to identify novel ... Linux, Android, macOS, or iOS). * Experience auditing large C/C++, Java, and .NET codebases ...
Reverse engineer binaries using tools such as IDA Pro, Ghidra, or Binary Ninja to identify novel ... Linux, Android, macOS, or iOS). * Experience auditing large C/C++, Java, and .NET codebases ...
Reverse engineer binaries using tools such as IDA Pro, Ghidra, or Binary Ninja to identify novel ... Linux, Android, macOS, or iOS). * Experience auditing large C/C++, Java, and .NET codebases ...
X-Day Offensive Research (XOR) Vulnerability Researcher
Jersey City, NJ · On-site
$152K - $260K/yr
Reverse engineer binaries using tools such as IDA Pro, Ghidra, or Binary Ninja to identify novel ... Linux, Android, macOS, or iOS). * Experience auditing large C/C++, Java, and .NET codebases ...
X-Day Offensive Research (XOR) Vulnerability Researcher
Jersey City, NJ · On-site
$152K - $260K/yr
Reverse engineer binaries using tools such as IDA Pro, Ghidra, or Binary Ninja to identify novel ... Linux, Android, macOS, or iOS). * Experience auditing large C/C++, Java, and .NET codebases ...
Reverse engineer binaries using tools such as IDA Pro, Ghidra, or Binary Ninja to identify novel ... Linux, Android, macOS, or iOS). * Experience auditing large C/C++, Java, and .NET codebases ...
Reverse engineer binaries using tools such as IDA Pro, Ghidra, or Binary Ninja to identify novel ... Linux, Android, macOS, or iOS). * Experience auditing large C/C++, Java, and .NET codebases ...
Software Engineer - Game Integrations
New York, NY · On-site
$180K - $275K/yr
This is low-level, hands-on work: understanding how games work, writing engine plugins, reverse ... iOS, Kotlin for Android Java, Redis, RabbitMQ, Kubernetes for backend Terraform, Salt, GitHub ...
Software Engineer - Game Integrations
New York, NY · On-site
$180K - $275K/yr
This is low-level, hands-on work: understanding how games work, writing engine plugins, reverse ... iOS, Kotlin for Android Java, Redis, RabbitMQ, Kubernetes for backend Terraform, Salt, GitHub ...
Application Security Engineer
Brooklyn, NY · On-site
$63.75 - $85.25/hr
... reverse engineering, and log analysis • Expert in defining secure configurations for Windows and Linux/Android operating systems • Perform host or application-based vulnerability scanning and ...
Application Security Engineer
Brooklyn, NY · On-site
$63.75 - $85.25/hr
... reverse engineering, and log analysis • Expert in defining secure configurations for Windows and Linux/Android operating systems • Perform host or application-based vulnerability scanning and ...
Software Engineer III - Full Stack
New York, NY · On-site
$100K - $145K/yr
... reverse logistics operation. RTR has been named to CNBC's "Disruptor 50" five times in ten years ... Android handheld devices. What You'll Do: * Participate in all aspects of agile software ...
Software Engineer III - Full Stack
New York, NY · On-site
$100K - $145K/yr
... reverse logistics operation. RTR has been named to CNBC's "Disruptor 50" five times in ten years ... Android handheld devices. What You'll Do: * Participate in all aspects of agile software ...
... android/iOS), including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc ... Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities.
... android/iOS), including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc ... Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities.
Senior Penetration Tester
Manhattan, NY · On-site
... android/iOS), including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc ... Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities.
Senior Penetration Tester
Manhattan, NY · On-site
... android/iOS), including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc ... Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities.
Senior Penetration Tester
Manhattan, NY · On-site
$152K - $260K/yr
... android/iOS), including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc ... Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities.
Senior Penetration Tester
Manhattan, NY · On-site
$152K - $260K/yr
... android/iOS), including the use of industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, etc ... Experience in reverse engineering thick-client and mobile applications to identify vulnerabilities.
Android Reverse Engineer information
See The Bronx, NY salary details
$24K - $40.1K
0% of jobs
$40.1K - $56.3K
0% of jobs
$56.3K - $72.4K
6% of jobs
$72.4K - $88.6K
1% of jobs
$88.6K - $104.7K
1% of jobs
$104.7K - $120.8K
15% of jobs
$122.4K is the 25th percentile. Wages below this are outliers.
$120.8K - $137K
19% of jobs
The median wage is $140.9K / yr.
$137K - $153.1K
33% of jobs
$153.9K is the 75th percentile. Wages above this are outliers.
$153.1K - $169.3K
5% of jobs
$169.3K - $185.4K
19% of jobs
$185.4K - $201.6K
1% of jobs
$24K
$143.6K
$201.6K
How much do android reverse engineer jobs pay per year?
What is an Android Reverse Engineer job?
An Android Reverse Engineer analyzes and deconstructs Android applications to understand their functionality, security mechanisms, and potential vulnerabilities. They use tools like APK decompilers, debuggers, and dynamic analysis frameworks to reverse-engineer apps, often for security research, malware analysis, or software compatibility purposes. This role requires expertise in Android internals, Java, Kotlin, Smali, and ARM assembly, as well as knowledge of encryption and obfuscation techniques.
What are the typical day-to-day responsibilities of an Android Reverse Engineer?
On a typical day, an Android Reverse Engineer disassembles and analyzes Android applications or firmware to uncover vulnerabilities, understand app behavior, or verify code integrity. You may work closely with security teams, developers, and sometimes legal teams to ensure findings are communicated and remediation steps are implemented. Tasks can include static and dynamic analysis, malware detection, creating proof-of-concept exploits, and writing detailed technical reports. The role requires strong analytical focus, attention to detail, and a willingness to keep up with emerging threats and evolving mobile technologies.
What are the key skills and qualifications needed to thrive in the Android Reverse Engineer position, and why are they important?
To thrive as an Android Reverse Engineer, you should possess a deep understanding of Android operating system internals, proficiency in programming languages like Java and C/C++, and hands-on experience with reverse engineering concepts and tools such as IDA Pro, Ghidra, or Apktool. Familiarity with ARM architecture, Android emulators, and security certifications like OSCP or GIAC GREM are common requirements in the field. Excellent analytical thinking, attention to detail, and strong problem-solving abilities help engineers tackle complex tasks and communicate findings clearly to stakeholders. These combined skills are essential for identifying vulnerabilities, securing applications, and ensuring compliance with security standards.

$152K - $260K/yr
Full-time
Medical, Retirement
Posted 9 days ago
Job description
As an X-Day Offensive Research (XOR) Vulnerability Researcher - Assessments & Exercises at JPMorganChase in the Cybersecurity & Technology Controls line of business, you will contribute significantly to enhancing the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. In this role, you will design and deploy risk-driven assessments (or manage a highly-skilled team that does) and inform analysis to clearly outline root causes.
We are seeking a dedicated, self-motivated vulnerability researcher to tackle the complex demands of our mission. Working closely with fellow researchers and defense teams, you will investigate challenging targets, uncover novel attack surfaces, and develop innovative solutions that enhance our security posture. The ideal candidate combines deep technical curiosity with a strong background in reverse engineering, static analysis, and dynamic analysis, and thrives in a highly collaborative, research-driven environment.
Job responsibilities
- Design and execute testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations – and contribute to the development and refinement of assessment methodologies, tools, and frameworks to ensure alignment with the firm's strategy and compliance with regulatory requirements.
- Evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation.
- Conduct in-depth vulnerability research and exploit development across a broad range of categories, including operating systems, mobile devices, web applications, browsers, edge devices, and enterprise software.
- Reverse engineer binaries using tools such as IDA Pro, Ghidra, or Binary Ninja to identify novel attack surfaces and develop proof-of-concept exploits.
- Use common vulnerability research toolsets such as fuzzers, disassemblers, debuggers, and code browsers for static and dynamic analysis.
- Perform N-day vulnerability analysis, patch diffing, and proof-of-concept exploit validation.
- Collaborate with cross-functional teams to develop comprehensive reports – including detailed findings, risk assessments, and remediation recommendations – supporting vulnerability triage, patch prioritization, and the sharing of indicators of compromise (IOCs) in service of the firm's mission requirements.
- Leverage threat intelligence and security research to stay ahead of emerging threats, vulnerabilities, industry best practices, and regulations, applying this knowledge to enhance the firm's assessment strategy and risk management, and engaging with peers and industry groups that share threat intelligence analytics.
- Document research findings, proof-of-concepts, and technical workflows to enable knowledge sharing and repeatability.
Required qualifications, capabilities, and skills
- 5+ years of experience in cybersecurity or resiliency, with demonstrated exceptional organizational skills to plan, design, and coordinate the development of offensive security testing, assessments, or simulation exercises.
- Track record of discovered vulnerabilities (CVEs) in high-profile targets in at least one of the following categories: operating systems, mobile devices, web applications, browsers, edge devices, or enterprise software.
- Proven hands-on experience in vulnerability research, proof-of-concept exploit development, coordinated vulnerability disclosure, and mitigating security vulnerabilities in open-source projects.
- Expertise in advanced analysis frameworks leveraging symbolic execution techniques and dynamic binary instrumentation to identify, triage, and exploit complex software vulnerabilities.
- Hands-on proficiency exploiting complex vulnerability classes – including use-after-free, double free, type confusion – and applying advanced exploitation techniques such as heap spraying and controlled memory corruption to achieve reliable code execution.
- Strong understanding of the internals of at least two operating systems throughout user mode and kernel mode (Microsoft Windows, GNU/Linux, Android, macOS, or iOS).
- Experience auditing large C/C++, Java, and .NET codebases combining automated static analyzers with manual review to trace data and control flow, uncover memory-safety, injection, and deserialization vulnerabilities and produce proof-of-concept code.
- Extensive reverse engineering expertise on x86/x64 and ARM/ARM64 binaries, employing IDA Pro, Ghidra, Binary Ninja, WinDbg, GDB, and RR for deep static/dynamic analysis and root cause vulnerability discovery.
- Knowledge of US financial services sector cybersecurity or resiliency organization practices, operational risk management processes, principles, regulations, threats, risks, and incident response methodologies.
- Ability to identify systemic security or resiliency issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents.
- Excellent communication, collaboration, and report writing skills, with the ability to influence and engage stakeholders across various functions and levels.
Preferred qualifications, capabilities, and skills
- Bachelor's degree in computer science, or PhD in a related technical field, or an equivalent combination of education and/or experience in a related field.
- 5+ years of experience in vulnerability research and exploit development.
- Experience using fuzzing tools such as LibFuzzer, LibAFL, AFL++, OSS-Fuzz, and Syzkaller.
- Experience using program analysis tools such as LLVM, Angr, KLEE, Intel Pin, DynamoRIO, and Frida.
- Experience emulating embedded platforms for live debugging.
- Experience with kernel and low-level operating system development.
- Deep Linux internals knowledge (SELinux, AppArmor, Seccomp, eBPF, containers, VMs).
- Deep Windows internals knowledge (KASLR, DSE, SSDT, IDT, SMEP, SMAP, PXN, KPP, KDP, VBS, HVCI, KMCI, UMCI).
#CTC
ABOUT USWe offer a competitive total rewards package including base salary determined based on the role, experience, skill set and location. Those in eligible roles may receive commission-based pay and/or discretionary incentive compensation, paid in the form of cash and/or forfeitable equity, awarded in recognition of individual achievements and contributions. We also offer a range of benefits and programs to meet employee needs, based on eligibility. These benefits include comprehensive health care coverage, on-site health and wellness centers, a retirement savings plan, backup childcare, tuition reimbursement, mental health support, financial coaching and more. Additional details about total compensation and benefits will be provided during the hiring process.
We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. We do not discriminate on the basis of any protected attribute, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. We also make reasonable accommodations for applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs. Visit our FAQs for more information about requesting an accommodation.
JPMorgan Chase & Co. is an Equal Opportunity Employer, including Disability/Veterans
ABOUT THE TEAM
High Risk Roles (HRR) are sensitive roles within the technology organization that require high assurance of the integrity of staff by virtue of 1) sensitive cybersecurity and technology functions they perform within systems or 2) information they receive regarding sensitive cybersecurity or technology matters. Users in these roles are subject to enhanced pre-hire screening which includes both criminal and credit background checks (as allowed by law). The enhanced screening will need to be successfully completed prior to commencing employment or assignment.