Lookout is an integrated endpoint-to-cloud cybersecurity company. Our mission is to secure and empower our digital future in a privacy-focused world where mobility and cloud are essential to all we do for work and play. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen -- predicting and stopping mobile attacks before they do harm. We enable consumers and employees to protect their data, and to securely stay connected without violating their privacy and trust. Lookout is trusted by millions of consumers, the largest enterprises and government agencies, and partners such as AT&T, Verizon, Vodafone, Microsoft, Google, and Apple. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C.
We are looking for a Senior Security Researcher to join our Threat Intelligence team, a group of top-tier security researchers working to identify, investigate, and track targeted attacks on users of mobile devices. As a member of this team you will use an extensive arsenal of detection tools, including the largest collection of mobile apps (140M+ Android and iOS apps), to find and research mobile malware and hunt down malicious actors, their infrastructure, tooling and techniques.
- Develop strategies to hunt mobile threats targeting enterprises and individuals.
- Identify and track malicious actors.
- Develop tools to mine internal and external data sources to identify new campaigns, malware families, and malicious actors.
- Investigate adversary command-and-control infrastructure.
- Reverse-engineer and analyze functionality of malicious apps.
- Report findings to Threat Intelligence customers.
Qualifications & skills:
- Threat hunting experience with multiple data sets (e.g. PassiveTotal, VirusTotal).
- Experience in reverse engineering software (mobile app reversing preferred).
- Ability to articulate technical findings both in written reports and presentations.
- Experience using some of the following tools: JEB, IDA Pro, Ghidra, Hopper, gdb, Frida, Wireshark, Burp Suite.
- Ability to read code in Java and C; ARM assembly, Objective-C and Swift are a bonus.
- Experience in conducting OSINT investigations across Surface/Deep/Dark Web.
- Ability to create research tools in Python, Ruby or Java.
- Experience with threat intelligence file types, tools and terminology such as MITRE ATT&CK, STIX, MISP and the Intelligence Cycle is a bonus.
- Curiosity and a strong drive to understand how both state and criminal actors operate.