About the company

A product company in the cybersecurity field. Develops solutions for protecting web services, APIs, and infrastructure from automated traffic, bots, and other network threats.

The company works with business-critical services where availability, resilience to attacks, and user data protection are important. Currently, the company is developing an anti-bot platform that already works well in browsers and WebView. The next stage is protecting native mobile applications.

Who we are looking for

A Senior Android engineer who has experience with the Android SDK, libraries, or infrastructure mobile components and understands how such code lives within another company's production application.

Responsibilities

• Design and develop Android SDK for anti-bot / anti-abuse protection of native mobile applications.
• Integrate the SDK into the network layer of Android applications: OkHttp, Retrofit, interceptors, custom HTTP clients.
• Collect compact telemetry: app version, package name, signing cert hash, SDK version, OS / device / runtime / environment signals.
• Implement secure client-server flow: bootstrap / server nonce, telemetry collection, protected envelope, attestation request, short-lived trust token.
• Work with app integrity checks, Play Integrity API, root / emulator / debugger / hooking indicators.
• Implement secure storage, update, and transmission of anti-bot tokens on API requests.
• Integrate the SDK with the current WebView / JavaScript challenge logic.
• Make the SDK production-ready: safe degradation, retries, timeouts, debug mode, feature flags, backward compatibility.
• Participate in threat modeling, code review, external audit fixes, and rollout in shadow / enforcement mode.
• Prepare documentation for integration: SDK API, integration guide, edge cases, debugging notes.

We expect you to have:

• Strong experience in Android development with Kotlin and/or Java.
• Experience developing SDKs, libraries, or infrastructure mobile components.
• Understanding of Android lifecycle, storage, permissions, networking.
• Experience with the network layer of Android applications: OkHttp, Retrofit, interceptors.
• Practical understanding of HTTP, cookies, headers, redirects, TLS, API sessions.
• Understanding of the Android security model.
• Understanding of secure client-server communication: nonce, signatures / MAC, encryption, token TTL, replay protection.
• Ability to write stable, testable, backward-compatible production code.
• Willingness to document SDK API, integration guide, and edge cases.

Will be a plus

• Experience in mobile security, anti-fraud, anti-bot, or anti-abuse.
• Experience with Play Integrity API / attestation.
• Experience with root / emulator / debugger / hooking detection.
• Experience with Frida, JADX, apktool, Burp Suite, mitmproxy.
• Experience with JNI / NDK / C / C++ / Rust for Android.
• Experience with WebView, JavaScript bridge, browser fingerprinting, or challenge systems.
• Understanding of ML / risk scoring, false positives, reason codes, shadow mode.
• Experience with threat modeling, security review, or external audit fixes.
• Experience in fintech, banking, payments, iGaming, betting, or other products with high-risk traffic and sensitive user data.

What we offer:

• Flexible work format: remote, hybrid or onsite in certain locations is possible.
• Relocation to Cyprus is available after the probation period; other locations can be discussed individually.
• Voluntary medical insurance / medical insurance, including dental.
• Training compensation after the probation period.
• Quarterly bonuses based on company performance.