Senior Mobile Red-Team Engineer — Android & iOS Marsad Technologies Company LLC

Employer Active

Posted 30+ days ago

Experience

4 - 8 Years

Job Location

Remote (Company based out of Other - Oman)

Education

Bachelors in Computer Application(Computers), Bachelor of Technology/Engineering(Computers), Masters in Computer Application(Computers), Master of Technology/Engineering(Computers)

Nationality

Any Nationality

Gender

Any

Vacancy

1 Vacancy

Job Description

Roles & Responsibilities


We’re hiring a pragmatic, senior Mobile Red-Team Engineer to design, build, and operate authorized, lab-only implant emulations for both Android (APK) and iOS (IPA) platforms. You will emulate realistic adversary tradecraft covering persistence, collection, command-and-control, covert communications, and supply-chain scenarios — exclusively within isolated testbeds — to validate and improve detection, response, and hardening across product, SOC, and EDR/MDM capabilities.

This is a strictly defensive role. All offensive tooling, implants, and tests are performed only on corporate-owned or explicitly consented devices in isolated lab networks under documented approvals from Legal/Compliance. No weaponized code or distribution instructions will be shared publicly.


  • Architect and produce lab-only emulations (APK & IPA) that model the full attacker lifecycle: initial access/delivery, persistence, privilege escalation (lab context), data collection, covert communication/C2, staged exfiltration, and cleanup.
  • Build and maintain an automated mobile testbed: device farms (Android & iOS), isolated cellular sims, emulators, captive networks, and CI harnesses for repeatable experiments.
  • Instrument emulations with telemetry hooks (lab only) to generate ground-truth data for detection engineering and SOC validation.
  • Reverse-engineer malware samples in sandboxed lab environments (high-level analysis) to extract TTPs and inform emulation design; produce sanitized advisories.

Desired Candidate Profile


  • 5+ years in mobile security, offensive security, red teaming, or similar roles with demonstrable hands-on experience across both Android and iOS.
  • Deep understanding of Android APK lifecycle, signing, runtime (ART/Dalvik), permissions, common persistence vectors
  • Deep understanding of iOS IPA structure, provisioning/signing models, entitlements, sandboxing, and enterprise/TestFlight/sideloading nuances (lab).
  • Strong reverse-engineering familiarity (Ghidra/IDA/other) for both managed and native binaries at a high level (sanitized analyses).
  • Strong software engineering skills (Python required; Java/Kotlin, Swift/Obj-C, C/C++ desirable) to develop test harnesses, instrumentation, and automation.
  • Experience building device testbeds, automation pipelines, or CI processes for repeatable security exercises.
  • Demonstrated ability to convert offensive findings into actionable detection content (YARA/Sigma-style, telemetry schemas) and remediation tickets.

Nice-to-Have


  • Hardware debugging experience (JTAG/UART), baseband/firmware research, or kernel-level familiarity (lab only).
  • Prior experience with MDM/EMM platforms, enterprise app stores, or telecom/carrier environments.
  • Public, sanitized research (non-weaponized writeups), CVEs, or conference talks.
  • Certifications such as OSCP, GREM, GMOB, or equivalent practical experience.

Tools & Environment (examples)


Frida, Burp Suite, JADX, Ghidra/IDA, Android Studio, Xcode, ADB, device farms/emulators, isolated cellular SIMs, captive networks, Wireshark, automation frameworks, fuzzers (lab only), SIEM/EDR integrations. (No step-by-step instructions or exploit code will be used or published.)


Legal & Operational Guardrails (non-negotiable)


  • All implants and emulations are lab-only, time-boxed, and authorized in writing before execution.
  • Tests are limited to corporate-owned or consented devices in isolated networks — never on production or customer endpoints.
  • Artifacts shared externally must be sanitized; weaponized payloads or distribution instructions are prohibited.

Success Metrics (first 6–12 months)


  • Deliver 4–8 vetted emulation playbooks (Android & iOS) mapping to prioritized ATT&CK techniques and used in purple-team runs.
  • Deploy an automated device testbed and CI harness that reduces test cycle time and increases repeatability.
  • Coordinate at least one responsible vendor disclosure and validate mitigations in lab.

Employment Type

    Full Time

Company Industry

  • IT - Software Services

Department / Functional Area

  • IT Software

Keywords

  • Senior Mobile RedTeam Engineer
  • LabOnly Implant Emulation
  • RedTeam Engineer
  • Redteamengineering
  • Red Teaming
  • Red Team Engineer
  • Red Team Engineering
  • Mobile Red Team Engineer

Disclaimer: Naukrigulf.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@naukrigulf.com

Marsad Technologies Company LLC

Founded in response to the growing gap between the geopolitical importance of data and the fragility of externally managed hosting. Instead of retrofitting foreign architectures to national needs, we bring sovereignty as the default with systems that serve autonomy and resilience from the ground up. Marsad exists to restore national control over digital infrastructure. We build sovereign-by-design data ecosystems that enable nations to protect critical information, enforce their own rules, and operate without foreign dependency, now and for the future. Marsad is led by experts in national infrastructure, cybersecurity, and regulatory compliance, with direct experience in serving government, defense, and financial institutions. We maintain high-trust operational models, internal governance transparency, and alignment with national regulatory bodies and cybersecurity mandates.

Read More

Tazia Mehdi - Managing Director

Muscat, Oman

https://www.marsadtech.me

Similar Jobs

Mobile Application Developer

Info Edge Ehiregulf_Demo

  • 3 - 8 Years
  • Dubai - United Arab Emirates (UAE)

Mobile App Developer

ZennTech

  • 3 - 8 Years
  • Dubai - United Arab Emirates (UAE)

Senior IOS

View All