Security Researcher (Software Composition Analysis)
PCA Cyber Security
⚲ Budapest
15 418 - 24 228 PLN (PERMANENT)
Requirements
- Security
- Linux OS internals
- Android
- HIDL/AIDL
- Soong/Make
- LSH
- Scripting language
- Programming
- RTOS
- C/C++
Job description
About the project:

About the job

PCA Cyber Security specializes in solutions and consulting services for embedded products, focusing on the automotive and financial sectors. We support companies in addressing cybersecurity risks by identifying threats and implementing technological countermeasures. We are seeking a Security Researcher: Software Composition Analysis to join our team in Budapest. This role is not about offensive security: instead, you will be a structural and forensic expert, serving as a key contributor to our Supply Chain security projects.

About the role:

As a Security Researcher, you will dive deep into the architecture of Android, Linux and other embedded systems to decompose binary images and identify their DNA. Your work will directly impact how we generate accurate SBOMs and identify vulnerabilities within complex software supply chains.

We offer full-time employment with a flexible work schedule; our office is located in Budapest, Hungary. Our team consists of cybersecurity professionals with strong ethics who never stop the process of self-development. We will be glad if you share our approach and join us!

Requirements:

Technical Requirements
- 3+ years of experience either in security research of embedded and IoT solutions, embedded product vulnerability management, or embedded device software development
- Proficient knowledge of Linux OS internals (at least file system structure, access control mechanisms, software package management, network configuration)
- Deep Android Internals: Extensive knowledge of Treble, HIDL/AIDL, and HAL boundaries. Understanding of the .apk, .jar, and .apex container formats and how they interact with the Android Build System (Soong/Make).
- Component Identification: Ability to use Fuzzy Hashing or Locality Sensitive Hashing (LSH) to identify modified or "stripped" libraries within the Android filesystem.
- Programming: Strong scripting and programming skills to automate analysis pipelines.
- Vulnerability Data: Experience working with vulnerability databases to map identified components to known risks.

Preferred Skills and Mindset:
- Forensic Approach: A focus on structural integrity and software provenance of embedded products.
- Familiarity with RTOS (e.g., QNX, VxWorks) and proprietary OSes from a development perspective.
- Android Deep-Dive: Ability and interest in analyzing the Android Build System (Soong/Make) and navigating AOSP components.
- Partition Forensics: Conduct detailed analysis of /system, /vendor and /product partitions to understand software provenance.
- Experience in C/C++: development and/or security code review
- Algorithmic Interest: Background in similarity analysis and locality hashes.
- Standards Knowledge: Familiarity with industry SBOM and cybersecurity standards.
- LLM-Aided Binary Analysis: Experience leveraging Large Language Models to assist in de-obfuscation, function naming, or structural analysis of complex Android partitions.
- Native Code Expertise: Familiarity with Android’s Bionic C library and how native .so libraries link within the environment.
- Tooling Proficiency: Experience with reverse engineering tools such as Ghidra, IDA, or JEB Decompiler, dynamic instrumentation via Frida or eBPF, and command-line utilities like dexdump or baksmali.
- Collaborative Logic: Ability to work within a small, fast-paced team of professionals with strong ethics.

Daily tasks:
- Binary & Static Analysis: Extract metadata from ELF and DEX/ART files and perform Software Composition Analysis (SCA) to identify open-source and proprietary components.
- Define rules for our in-house embedded software analysis platform to automatically perform binary firmware image unpacking; component enumeration (building Software Bill of Materials); detection of misconfigurations, threats, and vulnerabilities in embedded software.
- Test the analysis platform with various embedded software images.
- Review the output of the analysis platform and identify points for improvement, with the overall goal of maximizing the coverage (supported file formats and detected vulnerabilities) and minimizing false-positive security findings.
- Supply Chain Mapping: Utilize SBOM standards to identify components via CPE and PURL.
- Similarity Research: Apply algorithmic approaches like Fuzzy Hashing and Locality Sensitive Hashing (LSH) to identify code reuse.