Senior Security Researcher (iOS) - Jamf

This role is offered as a hybrid, with the expectation to be in the office 3 days per week in Tel Aviv, Israel. We can only accept applications from those based in Israel or who have sponsorship to live and work in Israel. #LI-Hybrid

What you'll do at Jamf:

At Jamf, we empower people to be their best selves and do their best work. Security Researcher plays a critical role in advancing Jamf mobile security research efforts. This role is responsible for investigating and analyzing security vulnerabilities, developing cutting-edge techniques for mobile device forensics, and contributing to the development of innovative solutions that protect Jamf clients' mobile ecosystems and to publish security research.

 What you can expect to do in this role:

• iOS Security Analysis: Conduct in-depth analysis of iOS security mechanisms, including the secure boot process, sandboxing, code signing, keychain, secure enclave, and data protection. Identify weaknesses and potential vulnerabilities within the iOS ecosystem.
• Vulnerability Assessment: Perform comprehensive vulnerability assessments of iOS applications using industry-standard frameworks such as MITRE, OWASP Mobile Security Testing Guide, and tools like Burp Suite. Identify and document security issues and propose mitigation strategies.
• Attack Vector Analysis: Explore potential attack vectors that could compromise iOS devices and applications. Develop a deep understanding of the iOS threat landscape and post-exploit scenarios to anticipate and counteract security threats effectively.
• Reverse Engineering: Utilize reverse engineering techniques and tools such as IDA Pro, Hopper, and Ghidra to dissect iOS applications and firmware. Analyze binaries, disassemble code, and reverse engineer software components to uncover vulnerabilities and weaknesses.
• Privilege Escalation Research: Investigate iOS privilege escalation techniques and vulnerabilities, staying ahead of potential threats. Research and develop countermeasures to protect against privilege escalation attacks.
• Development Contributions: While not mandatory, the ability to develop security-related tools, scripts is an advantage. Contribute to the creation of custom tools or enhancements that aid in mobile forensic analysis and security assessments.
• Documentation and Reporting: Create detailed reports and documentation of security findings, methodologies, and recommended solutions. Communicate research results effectively to both technical and non-technical stakeholders through written reports and presentations.
• Collaboration: Collaborate closely with cross-functional teams, including fellow researchers, software developers, and cybersecurity experts, to share insights, collaborate on security initiatives, and contribute to the development of secure mobile solutions.
• Stay Current: Continuously monitor and stay up-to-date with the latest developments in iOS security, vulnerabilities, and exploits. Contribute to threat intelligence by sharing relevant information with the team.

What we are looking for:

• Minimum of 5 years of experience in relevant field
• Minimum of 4+ years of experience in vulnerability assessment of iOS applications (e.g., MITRE, OWASP Mobile Security Testing Guide, Burp Suite) 
• Minimum of 5 years of experience in Reverse Engineering (e.g., IDA Pro, Hopper, ghidra) 
• Understanding of potential attack vectors and post-exploit scenarios
• Understanding of iOS security mechanisms (secure boot process, sandboxing, code signing, keychain, secure enclave, and data protection)
• Knowledge of iOS Privilege Escalation techniques
• Product development capabilities (preferred)
• Fluent English - Writing & speaking

EDUCATION & CERTIFICATIONS

• BSc or other relevant degree – an advantage.

Why Jamf?

• 100 Best Companies to Work For by Great Place to Work® and Fortune Magazine
• Our developers work in agile delivery teams to produce new features, improve software components, and are the subject matter experts for our Jamf product offerings.
• We constantly push the boundaries of technology, our developers support new innovations and OS releases the moment they are made available by Apple.
• Several Jamf engineers are named in patents and with team names like CatDog, ThunderSnow and Dalek you can expect to have some fun while building cutting-edge software.
• You will have the opportunity to work with a small and empowered team where the culture is based on trust, ownership, and respect.
• Visit our Jamf Engineering blog to learn more about the innovative projects our team is working on and what we learn from each challenge we solve. A blog written by engineers, for engineers at https://engineering.jamf.com/