Security Researcher

Job description

Employment Type:Full-TimeLocation: Singapore

Minimum Experience: 3 Years

Pixalate is an online trust and safety platform that protects businesses, consumers, and children from deceptive, fraudulent, and non-compliant mobile, CTV apps, and websites.

Our software and data have been used to unearth multiple high-profile criminal and illegal surveillance cases including:

• Gizmodo:An iCloud Feature Is Enabling a $65 Million Scam, New Research Says
• Adweek:A 7-Figure Ad Fraud Scheme Running on Roku Underlines Murkiness of CTV
• Washington Post:Your kids’ apps are spying on them
• Pro Publica:Porn, Piracy, Fraud: What Lurks Inside Google’s Black Box Ad Empire
• ABC7 News:The State of Children’s Privacy Online
• NBC News:How many apps are tracking your children

Our team of lawyers, data scientists, engineers, economists, and researchers span globally with a presence in California, New York, Washington DC, London, and Singapore.

About the Role:

The Security Researcher will be a subject matter expert in threat intelligence, specifically ad fraud. Collaborating closely with Product and Engineering, this role will produce in-depth technical reports and research to enhance our products and advance our cutting-edge research platform.

Responsibilities:

Threat Research & Analysis:

Conduct deep-dive technical research into existing and emerging cyber threats, actor behaviors, malicious infrastructure, and attack vectors.

Technical Investigations:

• Reverse engineer Mobile and Connected TV Apps for any potential Investigations including but not limited to technical analysis of threat actor tactics, techniques, and procedures (TTPs), including malware analysis, intrusion analysis, network traffic analysis, and vulnerability assessment.

Intelligence Reporting:

• Generate actionable, unbiased, strategic threat intelligence reports, providing detailed insights on cyber adversaries and potential security risks.
• Deliver comprehensive technical briefings, both orally and in writing, clearly communicating threat landscapes, actor capabilities, and recommended defensive actions.

Collaboration & Incident Response:

• Partner with Product, Engineering and Partner teams to facilitate timely information sharing and threat mitigation.
• Contribute directly to Pixalate products to protect our clients from ad fraud attacks.

Technical Qualifications

• PhD, Masters or Bachelors in Computer Science or related field is preferred
• Demonstrated proficiency in scripting and automation languages (Python preferred, PHP, JavaScript).
• Strong familiarity with malware analysis, threat hunting, reverse engineering tools, and intrusion detection systems.
• Solid knowledge of operating systems (Android, iOS, Roku, AndroidTV, Samsung, LG OS, etc).
• General understanding  of advertisement tags, command centers, and SDKs

Preferred Skills

• Prior hands-on experience conducting threat intelligence analysis, malware reverse engineering, penetration testing, or digital forensics.
• Experience with Android and iOS development, including full-stack applications
• Experience with automated testing frameworks
• Experience with setting up Man in the Middle proxies to instrument applications.
• Experience in commonly used communications protocols such as TCP, UDP, HTTPS, TLS.
• Certification(s) in relevant security areas (GIAC, CISSP, OSCP, CEH, etc.) desirable.
• Strong analytical mindset with the ability to translate complex technical data into actionable insights.