We are Raft – a company that creates custom AI solutions for business: from implementing generative models to production integrations, DevOps logic, and complex architectures. Our focus is on reliable, scalable, and business-oriented AI products for clients.
We are hiring for our international unit within a team focused on researching Android malware.
This role offers the opportunity to conduct comprehensive malware analysis, identify new threats, and contribute to the understanding of threats targeting Android. The ideal candidate has a positive, proactive approach to work, is a reliable team player, and possesses strong technical skills in Android malware analysis.
About the client:
A major technology company – one of the global leaders in AI security and Trust & Safety.
The client works with top AI labs and corporate platforms, helping companies safely launch and scale generative models, assistants, and agentic systems. Their focus is protecting AI products from abuse, circumvention of safeguards, manipulation, and other threats.
Responsibilities:
- Conduct static and dynamic analysis of Android applications, including malicious samples
- Perform reverse engineering of mobile malware, including obfuscated and packed applications
- Identify attack mechanisms: C2 communications, data exfiltration, persistence
- Analyze various types of malware (banking trojans, spyware, RATs, droppers, etc.)
- Bypass defensive mechanisms: anti-debugging, anti-emulation, SSL pinning, root detection
- Extract IOCs and create reports on analysis findings
- Develop signatures and behavioral indicators for threat detection
- Participate in threat hunting, incident response, and red team activities
- Document research results and formulate defense recommendations
Requirements:
- 5+ years of experience in reverse engineering and malware analysis
- Deep experience in analyzing Android malware
- Understanding of Android architecture (Java/Kotlin, Smali, ARM native libraries)
- Hands-on experience with static and dynamic analysis
- Knowledge of obfuscation, packing, and defense bypass techniques
- Confident use of tools: JADX, Ghidra, IDA Pro, Frida, Apktool, Wireshark, etc.
- Understanding of C2 operations, data exfiltration, and persistence mechanisms
- Strong analytical skills and the ability to conduct research, support incident response, conduct red team simulations, and participate in proactive threat hunting initiatives
- Experience in writing technical documentation and reports
- English language – at least B2+ (spoken and written), readiness to interview in English
Conditions:
- Full-time remote work
- Project work: 6+ months, with possibility of extension and transition to other projects with the same client
- Work on high-tech cybersecurity tasks
- Participation in research and practical projects
- Work within a team of skilled professionals, with knowledge sharing
- Format: B2B contract (Individual Entrepreneur)
- Payment in US dollars
- Location: strictly outside of Russia. Candidates must either already reside outside of Russia or be prepared for self-funded relocation for the duration of the project