Staff, Back-end Engineer

About the Role

We are seeking a highly skilled Reverse Engineer with a focus on mobile applications to uncover, analyze, and extract data from APIs used by popular eCommerce companies. This role sits at the intersection of security research, data engineering, and system-level programming. You will work closely with data teams to enable robust, scalable data pipelines by reverse-engineering client behavior and building tools to interface and extract data from undocumented APIs.

Key Responsibilities

• Reverse engineer mobile applications to extract API behavior and authentication logic.

• Perform both static and dynamic analysis on mobile apps.

• Develop and maintain tools and scripts for hooking, decryption, traffic interception, and data extraction.

• Build and manage proxy environments between mobile devices and workstations for traffic inspection.

• Create custom Proxy Toolkits to manipulate and analyze HTTP/S traffic in real time.

• Implement and maintain native code hooking using tools like Frida, Xposed, or Substrate.

• Conduct ARM/x86 Assembly analysis for deeper insights into app behavior.

• Reverse engineer web frontend logic (e.g., JavaScript obfuscation, token generation) to extract or simulate client-side API interactions.

• Ensure bypass of security features such as anti-debugging, anti-emulation, and anti-hooking.
  

Required Skills & Experience

• Proficient in Python or Java. JavaScript is helpful

• Strong experience with reverse engineering tools like IDA Pro, Ghidra, Jadx, Binary Ninja, Radare2, and JEB.

• Skilled in using debuggers (e.g., x64dbg, GDB, LLDB, WinDbg) for live process inspection.

• For mobile: Deep understanding of mobile operating system internals, including Android (AOS) and iOS, and related file formats (APK, IPA, ELF, Mach-O, PE).

• Experience with network traffic analysis, including proxy mechanics and networking protocols.

• Familiar with memory management concepts (heap/stack, paging, virtual memory) and OS architecture (Linux/macOS/Windows).
  

Nice to Have

• Experience with web crawling and scraping.

• Knowledge of kernel-level development (e.g., socket drivers).

• Prior involvement with Android rooting or iOS jailbreaking (for mobile)

• Background in working with defenders/attackers in security research settings.

• Understanding of compiler internals and code auditing practices.
  

What You’ll Build

• A high-fidelity, reliable API data extraction layer from mobile/web clients.

• Automation pipelines for decryption, API emulation, and response parsing.

• Systems to support high-throughput scraping with anti-bot and anti-fraud defenses in mind.