Senior Security Researcher (iOS)

Posted:
5/15/2024, 11:20:33 PM

Location(s):
Tel-Aviv, Tel-Aviv District, Israel

Experience Level(s):
Senior

Field(s):
IT & Security ⋅ Software Engineering

At Jamf, people are at the core of everything we do. We do what’s right for our customers, our employees, our communities and our world. We take pride in simplifying technology for tens of thousands of customers around the globe and helping organizations succeed with Apple.

 

Jamf offers remote and hybrid positions. Depending upon the role, work in the office, connect 100% remote from your home, or find the blend that works best for you.

 

This role is based in Tel Aviv, Israel. We are only able to accept applications for those based in Israel or have sponsorship to live and work in Israel.

 

What you'll do at Jamf:

At Jamf, we empower people to be their best selves and do their best work. Security Researcher plays a critical role in advancing Jamf mobile security research efforts. This role is responsible for investigating and analyzing security vulnerabilities, developing cutting-edge techniques for mobile device forensics, and contributing to the development of innovative solutions that protect Jamf clients' mobile ecosystems and to publish security research.

 

 

 What you can expect to do in this role:

  • iOS Security Analysis: Conduct in-depth analysis of iOS security mechanisms, including the secure boot process, sandboxing, code signing, keychain, secure enclave, and data protection. Identify weaknesses and potential vulnerabilities within the iOS ecosystem.
  • Vulnerability Assessment: Perform comprehensive vulnerability assessments of iOS applications using industry-standard frameworks such as MITRE, OWASP Mobile Security Testing Guide, and tools like Burp Suite. Identify and document security issues and propose mitigation strategies.
  • Attack Vector Analysis: Explore potential attack vectors that could compromise iOS devices and applications. Develop a deep understanding of the iOS threat landscape and post-exploit scenarios to anticipate and counteract security threats effectively.
  • Reverse Engineering: Utilize reverse engineering techniques and tools such as IDA Pro, Hopper, and Ghidra to dissect iOS applications and firmware. Analyze binaries, disassemble code, and reverse engineer software components to uncover vulnerabilities and weaknesses.
  • Privilege Escalation Research: Investigate iOS privilege escalation techniques and vulnerabilities, staying ahead of potential threats. Research and develop countermeasures to protect against privilege escalation attacks.
  • Development Contributions: While not mandatory, the ability to develop security-related tools, scripts is an advantage. Contribute to the creation of custom tools or enhancements that aid in mobile forensic analysis and security assessments.
  • Documentation and Reporting: Create detailed reports and documentation of security findings, methodologies, and recommended solutions. Communicate research results effectively to both technical and non-technical stakeholders through written reports and presentations.
  • Collaboration: Collaborate closely with cross-functional teams, including fellow researchers, software developers, and cybersecurity experts, to share insights, collaborate on security initiatives, and contribute to the development of secure mobile solutions.
  • Stay Current: Continuously monitor and stay up-to-date with the latest developments in iOS security, vulnerabilities, and exploits. Contribute to threat intelligence by sharing relevant information with the team.

 

What we are looking for:

  • Minimum of 5 years of experience in relevant field
  • Minimum of 4+ years of experience in vulnerability assessment of iOS applications (e.g., MITRE, OWASP Mobile Security Testing Guide, Burp Suite) 
  • Minimum of 5 years of experience in Reverse Engineering (e.g., IDA Pro, Hopper, ghidra) 
  • Understanding of potential attack vectors and post-exploit scenarios
  • Understanding of iOS security mechanisms (secure boot process, sandboxing, code signing, keychain, secure enclave, and data protection)
  • Knowledge of iOS Privilege Escalation techniques
  • Product development capabilities (preferred)
  • Fluent English - Writing & speaking

 

EDUCATION & CERTIFICATIONS

  • BSc or other relevant degree – an advantage.

 

Why Jamf?

  • 100 Best Companies to Work For by Great Place to Work® and Fortune Magazine
  • Our developers work in agile delivery teams to produce new features, improve software components, and are the subject matter experts for our Jamf product offerings.
  • We constantly push the boundaries of technology, our developers support new innovations and OS releases the moment they are made available by Apple.
  • Several Jamf engineers are named in patents and with team names like CatDog, ThunderSnow and Dalek you can expect to have some fun while building cutting-edge software.
  • You will have the opportunity to work with a small and empowered team where the culture is based on trust, ownership, and respect.
  • Visit our Jamf Engineering blog to learn more about the innovative projects our team is working on and what we learn from each challenge we solve. A blog written by engineers, for engineers at https://engineering.jamf.com/

What is a Jamf?
You go above and beyond for others, are willing to help, and support the team around you. You value and learn from different perspectives. You are curious and resourceful, a problem-solver, self-driven and constantly improving. You are excited to try new things, explore new ideas, and seek new opportunities. You care about inclusion and diversity, social responsibility, and are someone who just wants to do the right thing.

What does Jamf do?
Jamf extends the legendary Apple experience people enjoy in their personal lives to the workplace. We believe the experience of using a device at work or school should feel the same, and be as secure as, using a personal device. With Jamf, IT and security teams are able to confidently manage and protect Mac, iPad, iPhone and Apple TV devices, easing the burden of updating, deploying and securing the data used by their end-users. Jamf’s purpose is to simplify work by helping organizations manage and secure an Apple experience that end-users love and organizations trust.

 

We are free-thinkers, can-doers and problem crushers with a passion for helping customers empower their workforce to focus on their jobs, not the hassles of managing technology – freeing nurses to care, teachers to teach and businesses to thrive. We have over 2,500 employees worldwide who are encouraged to bring their whole selves to work each and every day.

 

Get social with us and follow the conversation at #OneJamf

 

#LI-REMOTE