As a part of Ecommerce Engineering team, we exist for wow customer experiences, world class service excellence and hyper growing revenue. To achieve this, we build scalable & extensible architecture to support fast business growth & expansion, we create high performance & resilient backend system to handle increasing customer requests and we setup stable & fault-tolerant mechanisms to guarantee the customer experience. Creating disruptive products & resilient platforms for customers with world-class talents and cutting-edge technology is our vision and our commitment to the company.

About the Role

As an App Security Engineer (Android/iOS), you will be responsible for mobile security, reverse engineering various Android and iOS apps, including but not limited to cracking app obfuscation, decompiling code, and parsing data transmission protocols to uncover the core functional logic and security mechanisms of the apps.

Responsibilities

• Responsible for app security, and reverse engineering various Android and iOS apps, including but not limited to cracking app obfuscation, decompiling code, and parsing data transmission protocols to uncover the core functional logic and security mechanisms of the apps.
• Based on the reverse engineering results, write detailed technical analysis reports, outlining the app's architecture design, key algorithms, API call rules, and potential vulnerabilities to support business decisions or security research.
• Assist the team in setting up the reverse engineering environment and optimizing the usage of reverse engineering toolchains (such as Frida, Xposed, IDA Pro, Hopper, etc.) to improve reverse engineering efficiency.
• Track the technical updates and protection measures of mainstream apps in the industry, summarize the difficulties and solutions encountered in the reverse engineering process, and create reusable technical documentation.

Qualifications

• Bachelor's degree or above in Computer Science, Software Engineering, Information Security, or related fields, with at least 3 years of practical work experience in Android/iOS reverse engineering.
• Successful reverse engineering experience with mainstream apps (e.g., social media, e-commerce, finance) is required, enabling independent completion of the entire process from decompilation to logical analysis.
• Strong logical analysis and problem-solving skills are essential; the ability to quickly identify technical bottlenecks in the reverse engineering process and develop solutions.
• Preference will be given to candidates with information security certifications (e.g., CEH, OSCP) or experience contributing to open-source reverse engineering tools.
• Excellent documentation and communication skills are required; the ability to clearly present reverse engineering results and collaborate effectively with the team.
• Both Mandarin and English speaking are required.

Required Skills

• Proficient in Android reverse engineering techniques, familiar with Smali code analysis, DEX file repair, and AndroidManifest parsing; skilled in using decompilation tools such as IDA Pro, JEB, and Ghidra.
• Proficient in iOS reverse engineering skills, understanding of Mach-O file structure and Objective-C/Swift reverse engineering methods, and able to use tools such as Hopper Disassembler, Cycript, and LLDB for dynamic debugging.
• Familiar with network protocol analysis, able to capture and parse HTTP/HTTPS, WebSocket, and other network requests from apps using tools such as Wireshark and Burp Suite, and reconstruct data interaction logic.
• Possess basic programming skills, at least proficient in one of Java/Kotlin (Android) or Objective-C/Swift (iOS), and able to independently write reverse engineering auxiliary scripts (such as Frida scripts).
• Familiar with common application hardening techniques (such as packing, obfuscation, VMP, etc.) and corresponding unpacking and deobfuscation methods; practical experience is preferred.

Preferred Skills

• Experience with open-source reverse engineering tools.
• Information security certifications (e.g., CEH, OSCP).