Detection Researcher/Security Engineer (iOS Focused)

We are seeking a highly skilled and inquisitive security engineer with deep technical expertise in mobile threat detection and operating system internals. This role focuses on conducting forensics analysis of potentially compromised devices to research, develop, and improve our detection capabilities against advanced mobile threats. Experience in analyzing data from iOS backups and diagnose is at the core of the role. The ideal candidate combines strong technical depth with an open and adaptive research mindset, maintaining versatility across diverse security challenges. A strong ability to code for the iOS environment, alongside conducting and reviewing high-quality technical work, is essential for success in this position.

Location: Europe

Key Responsibilities:

• Design, prototype, and implement new detection techniques and algorithms for the iOS platform based on forensics data coming both from the runtime environment and the offline iOS sysdiagnose and backup files.
• Lead and participate in structured brainstorming sessions to generate novel detection ideas against advanced mobile threats.
• Analyze, document and make use of iOS internals features in an attempt to improve the runtime and offline detection capabilities.
• Develop, maintain, and improve internal tooling and automation to accelerate analysis, triage, and detection development.
• Review and interpret forensic data provided by customers, produce clear technical reports, and provide actionable guidance and remediation support.
• Write and publish technical blog posts to raise awareness of emerging security risks and share insights with customers and the wider security community.

Required Skills & Experience:

• Proven ability to collaborate effectively within a team environment, including forming and leading focused sub-groups to deliver specific project features or research objectives.
• Strong knowledge of iOS operating system internals (e.g., diagnose, encrypted backup, daemons/services, sandboxing, code-signing), with a particular focus on the capability to use the data provided by the operating system to detect a compromised device.
• Good previous experience in data analysis methods applied to forensics investigations.
• Proficiency in reverse engineering using tools such as IDA Pro, Ghidra, Hopper, or equivalent, including experience writing scripts, leveraging their SDKs, and isolating and reporting technical issues.
• Demonstrated ability to think both offensively and defensively, approaching analysis tasks with the mindset of both an attacker and a defender.
• Solid programming experience in C, Python, Objective-C and Swift, with the ability to produce efficient, maintainable, and secure code.
• Capability to reverse engineer proprietary protocols and interprocess communication mechanisms (e.g., XPC, mach messages, IOKit) is considered a plus.
• Practical knowledge of jailbreak methods and iOS exploit classes (e.g., kernel exploits, sandbox escapes, code-signing bypasses), ideally experience in analyzing such exploits or exploit chains is a big plus.