Listing Description
This role is responsible for discovering and exploiting vulnerabilities affecting mobile devices. The work includes attack vector enumeration, static and dynamic analysis of the target, reverse engineering, debugging, identification of vulnerabilities, exploitation, and technical documentation.
Exodus offers a full benefits package at no cost to the employee, including health, dental, life and vision. Our team enjoys a flexible work schedule and catered lunches daily at the main office in Austin, TX. A relocation package is available for out-of-area candidates wishing to move. Due to the nature of the information security industry, there are many opportunities for paid travel to various conferences, and employees wishing to prepare technical material to speak at any conference are provided with any assistance necessary.
At Exodus we pride ourselves on developing cutting-edge research. Our customers trust us to provide unique research they can’t acquire anywhere else. However, sometimes we deem it appropriate to publish research to drive innovation and technical advances in the public domain. When appropriate, Exodus incentivizes our researchers to publish their research through a blog post, a conference presentation, and sometimes through a bounty contest. Check out these exemplars:
[0day] Pwn2Own $50,000 Bug Bounty Win
Article: https://threatpost.com/firefox-edge-pwn2own/143082/
Blog: https://blog.exodusintel.com/2019/05/19/pwn2own-2019-microsoft-edge-renderer-exploitation-cve-2019-9999-part-1/
[nday] Patch Gapping Google Chrome
Blog: https://blog.exodusintel.com/2019/09/09/patch-gapping-chrome/
[appearances] OffensiveCon 2020 Berlin
Safari Sandbox Escapes: https://www.offensivecon.org/speakers/2020/ki-chan-ahn.html
Exploiting the "Unexploitable": https://www.offensivecon.org/speakers/2020/b1ack0wl.html
[required] Fluent in C/C++ and ARM and Intel assembly (Hexagon and MIPS are also accepted).
[required] Demonstrated ability to discover and exploit 0day vulnerabilities in mobile devices.
[required] Understanding of latest memory corruption mitigations.
[required] Competency with debuggers and IDA Pro.
[preferred] Ability to develop SoC exploits without a debugger and with minimal runtime information.
[preferred] A thorough understanding of the mobile attack surface (e.g., CP, AP, and other areas).
[preferred] A thorough understanding of a wide range of vulnerability classes.
[preferred] A history of publishing or presenting original research -OR- references for production-grade exploit development.
Listing Details
- Citizenship: No Requirements
- Incentives: Bonus
- Education: No Requirements
- Travel: No Travel
- Telework: No Telecommute