Defining the forefront
of innovation

Mastering Vulnerability Research

Dataflow Security — a results-driven research firm, consistently delivering singular and bespoke applied research results

Our Mission

Be the world’s most trusted one-stop powerhouse for security research, helping our partners accomplish their critical missions.

Our Vision

We leverage curiosity and excellence to provide our partners with the essential building blocks underlying their digital intelligence and offensive cyber capabilities.

About Us

Dataflow Security (“dfsec”) was founded in 2020 by leaders in the security research community. Our sole focus is on vulnerability research and exploit development.

The firm is home to a world-class R&D team, composed of elite researchers who excel at finding and exploiting vulnerabilities in popular operating systems, browsers, and applications.

As the complexity of offensive security research continuously grows, we remain consistently ahead of the industry curve.

Years of experience and expertise in the interaction between platform architectures, subsystems, and subcomponents, allow us to deliver unique and impactful research outcomes.
These outcomes are essential for building and maintaining our partners’ digital intelligence and offensive cyber capabilities.

With great knowledge comes great responsibility. At dfsec, we serve a very select few. Only government organizations that have been carefully vetted or their certified suppliers are eligible.

0 +
85+ employees, including 60+ experienced security researchers, across 6 different R&D teams.
0 +
10+ keynotes & talks.
0
6 domain-specific R&D teams.
0

0 debt or loans.

0 +
10+ conferences sponsored by dfsec.
0 %
30%+ of our overall costs are allocated to employee bonuses.

Inventory

The firm’s extensive inventory includes unique capabilities for the most popular mobile and desktop operating systems, browsers, and applications.

The inventory can be accessed and viewed via dfsec’s private live-catalog platform. 

New exploits are frequently added, and every listing includes in-depth technical specifications.

Services

We utilize tools developed in-house and the combined brainpower of the entire team to efficiently deliver production-grade results.

Our partners, preoccupied with multiple missions, find it challenging to balance the resources required to overcome these complex challenges.

We offer a wide variety of tailored R&D services, allowing our partners to outsource the technological heavy lifting to our trusted hands.

Vulnerability Research

  • Finding impactful vulnerabilities in complex codebases.
  • Reversing and analyzing closed-source code.
  • Validating the exploitability of bugs.
  • Validating the viability of attack surfaces.

Exploit Development

  • Developing production-grade exploits.
  • Optimizing non-reliable exploits or chain of exploits.
  • Porting a reliable exploit to different device models and software versions.
  • Chaining two or more exploits.

Training

  • Customized training programs, meticulously tailored to meet specific needs, ensuring they are well-equipped to handle contemporary complex challenges.

Our services and/or training are available only to carefully selected governments and their certified vendors.

Careers

dfsec brings together the best minds from many regions around the world to collaborate on security research.

We are relentless in our efforts to provide our people with culture and incentives to solve the toughest problem in an open and enriching environment.

As systems become more complex, the path forward in security research will be led by organizations that are able to facilitate a culture of collaboration.

dfsec is committed to respecting and empowering the next generation of security researchers as we continue building a company to be proud of.

Available Positions:

We are always looking for great additions to our talent pool, so we encourage senior researchers to submit their application even if there is no available position on the website.

Requirements:

  • Proven track record of finding exploitable vulnerabilities in widely deployed software such as browsers, servers, OSs, instant messengers, enterprise software, popular embedded devices;
  • Solid understanding of predominant bug classes and patterns;
  • Solid understanding of current and upcoming security mitigations;
  • Ability to conduct long-term and widely scoped security research projects as part of a broader team effort;
  • Good written English.

What we offer:

  • Finance: Highly competitive compensation package with an additional monetary bonus system based on exploitable vulnerability findings;
  • Career Development: Further your career by joining a team of established and experienced security researchers;
  • Work Environment: Fully remote with flexible work schedule;
  • Off-topic Research: We allow researchers, at their discretion, to spend up to 15% of their time conducting research on other topics;
  • Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more.

We are looking to fill the position of a security researcher in our Browser team. A person in this role will conduct vulnerability research on Web Browsers.

 

Responsibilities:

  • Help develop and carry out the Browser team research strategy by doing vulnerability research, reverse engineering and exploit development on Web Browsers;
  • Provide unbiased insights and ideas to the research team;
  • Develop proof-of-concept code and exploits to the quality standard of DFSEC;
  • Remain on top of various developments related to Web Browsers such as security mitigations, new features, etc.

 

Requirements:

  • Track record of finding impactful vulnerabilities (RCE or Sandbox escape) in Web Browsers during the last year;
  • Deep knowledge of Web Browsers architecture and internals;
  • Solid understanding of predominant bug classes and patterns;
  • Solid understanding of current and upcoming security mitigations;
  • Ability to conduct long-term and widely scoped security research projects as part of a broader team effort;
  • Exploitation experience is a plus, but not required;
  • Good written English.

 

What we offer:

  • Finance: Highly competitive compensation package with an additional monetary bonus system based on exploitable vulnerability findings;
  • Career Development: Further your career by joining a team of established and experienced security researchers;
  • Work Environment: Fully remote with flexible work schedule;
  • Off-topic Research: We allow researchers, at their discretion, to spend up to 15% of their time conducting research on other topics;
  • Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more.

We are looking to fill the position of a security researcher in our Android team. A person in this role will conduct vulnerability research around the Android ecosystem at the baseband level.

 

Responsibilities:

  • Help develop and carry out the Android team research strategy by doing vulnerability research, reverse engineering and exploit development on baseband-related research projects;
  • Provide unbiased insights and ideas to the research team;
  • Develop proof-of-concept code and exploits to the quality standard of DFSEC;
  • Remain on top of various developments related to baseband architecture and chipset ecosystem such as security mitigations, new additions, etc.

 

Requirements:

  • Track record of finding remotely exploitable baseband vulnerabilities;
  • Good knowledge of baseband architecture and internals;
  • Some understanding of current baseband bug classes and patterns;
  • Some insight on current and upcoming baseband security mitigations;
  • Ability to conduct long-term and widely scoped security research projects as part of a broader team effort;
  • Exploitation experience is a plus, but not required;
  • Good written English.

 

What we offer:

  • Finance: Highly competitive compensation package with an additional monetary bonus system based on exploitable vulnerability findings;
  • Career Development: Further your career by joining a team of established and experienced security researchers;
  • Work Environment: Fully remote with flexible work schedule;
  • Off-topic Research: We allow researchers, at their discretion, to spend up to 15% of their time conducting research on other topics;
  • Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more.

We are looking to fill the position of a security researcher in our Android team. A person in this role will conduct vulnerability research around the Android kernel.

 

Responsibilities:

  • Help develop and carry out the Android team research strategy by doing vulnerability research, code auditing and exploit development on the Android kernel;
  • Provide unbiased insights and ideas to the research team;
  • Develop proof-of-concept code and exploits to the quality standard of DFSEC;
  • Remain on top of various developments related to Android and the Linux kernel such as security mitigations, new additions, etc

 

Requirements:

  • Track record of finding exploitable vulnerabilities in the Linux/Android kernel during the last year;
  • Knowledge of Android architecture and internals;
  • Solid understanding of current bug classes and patterns;
  • Solid understanding of current and upcoming security mitigations;
  • Ability to conduct long-term and widely scoped security research projects as part of a broader team effort;
  • Some experience with kernel exploitation;
  • Good written English.

 

What we offer:

  • Finance: Highly competitive compensation package with an additional monetary bonus system based on exploitable vulnerability findings;
  • Career Development: Further your career by joining a team of established and experienced security researchers;
  • Work Environment: Fully remote with flexible work schedule;
  • Off-topic Research: We allow researchers, at their discretion, to spend up to 15% of their time conducting research on other topics;
  • Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more.

We are looking to fill the position of a security researcher in our iOS team. A person in this role will conduct vulnerability research around the iOS Kernel.

 

Responsibilities:

  • Help develop and carry out the iOS team research strategy by doing vulnerability research, reverse engineering and exploit development on iOS;
  • Provide unbiased insights and ideas to the research team;
  • Develop proof-of-concept code and exploits to the quality standard of DFSEC;
  • Remain on top of various developments related to iOS such as new security mitigations, new features, etc.

 

Requirements:

  • Track record of finding impactful vulnerabilities (LPE, PAC bypasses, PPL bypass, Code Signing bypass) in iOS during the last year;
  • Deep knowledge of iOS architecture and internals;
  • Solid understanding of predominant bug classes and patterns;
  • Solid understanding of current and upcoming security mitigations;
  • Ability to conduct long-term and widely scoped security research projects as part of a broader team effort;
  • Exploitation experience is a plus, but not required;
  • Good written English.

 

What we offer:

  • Finance: Highly competitive compensation package;
  • Career Development: Enjoy off-topic time and access to the most attractive international training, conferences, hackathons, and more;
  • Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more;
  • Work Environment: Fully remote work environment as part of experienced and renowned mobile security researchers.

We are looking to fill the position of a bootloader security researcher in our Android team. A person in this role will conduct vulnerability research around the Android ecosystem at the bootloader level.

 

Responsibilities:

  • Help develop and carry out the Android team research strategy by doing vulnerability research, reverse engineering and exploit development on bootloader-related research projects;
  • Provide unbiased insights and ideas to the research team;
  • Develop proof-of-concept code and exploits to the quality standard of DFSEC;
  • Remain on top of various developments related to bootloaders and chipset ecosystem such as security architecture, etc.

 

Requirements:

  • Track record of finding exploitable bootloader vulnerabilities for at least one major Android system-on-chip manufacturer (e.g. Samsung/Exynos, Mediatek, Qualcomm and/or HiSilicon);
  • Good knowledge of Android boot architecture and internals;
  • Good knowledge of Arm boot and security architecture and internals;
  • Good knowledge of bare metal firmware reverse engineering;
  • Some understanding of current bootloader bug classes and patterns;
  • Ability to conduct long-term and widely scoped security research projects as part of a broader team effort;
  • Good written English.

 

What we offer:

  • Finance: Highly competitive compensation package with an additional monetary bonus system based on exploitable vulnerability findings;
  • Career Development: Further your career by joining a team of established and experienced security researchers;
  • Work Environment: Fully remote with flexible work schedule;
  • Off-topic Research: We allow researchers, at their discretion, to spend up to 15% of their time conducting research on other topics;
  • Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more.

We are looking to fill the position of a quality assurance engineer who would be responsible for quality assurance engineering efforts on mobile devices. This role involves active collaboration with our research teams by performing continuous quality assurance tasks i.e. performing continuous testing, optimization and code porting tasks.

 

Responsibilities:

  • Ensure that Dataflow iOS and Android products are well tested and follow a high quality standard.
  • Improve quality of Dataflow‘s deliverables through optimization, porting and documentation.
  • Maintain and contribute to various internal framework codebases.

 

Requirements:

  • Strong low level engineering skills in C.
  • Basic knowledge of Python or JavaScript.
  • Familiarity with working on mobile phones (rooting devices, building custom kernels, flashing IPSWs).
  • Ability to apply a scientific mindset to the problem of exploit reliability, testing and optimization.
  • Located in Bassano del Grappa, Italy.

 

What we offer:

  • Finance: Highly competitive compensation package;
  • Career Development: Enjoy off-topic time and access to the most attractive international training, conferences, hackathons, and more.
  • Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more.
At Dataflow Security, we offer you a unique challenging and rewarding environment to provide immediate impact for both internal and external projects and their stakeholders. Dataflow Security, is a global leader in mobile security research, comprising the most talented researchers across the globe, to solve the hardest technical challenges, to create a safer world for everyone. We are looking to fill the position of a technical project manager. A person in this role will perform management tasks and work closely with our director of project management.

 

Responsibilities:

  • Analyze and understand, roles and responsibilities for team members required for each specific project;
  • Participate within technical team meetings to gather insight about project status;
  • Facilitate communication with leadership and other stakeholders, including regular reports regarding implemented strategy;
  • Create and maintain internal policy and guidelines in relation to technical projects;
  • Maintain hardware and software acquisition for technical projects;
  • Oversee day-to-day operations and perform general administrative tasks such as gathering feedback from team members.

 

Requirements:

  • Ability to predict upcoming challenges and communicate with key stakeholders of each project those concerns;
  • Excellent time management and organizations skills;
  • Excellent communication skills and ability to proactively seek solutions to problems;
  • Proven experience in a managerial role;
  • Strong decision-making capabilities;
  • Ability to motivate and lead people, and hold team members accountable;
  • Experience managing people.

 

What we offer:

  • Finance: Highly competitive compensation package;
  • Career Development: Enjoy off-topic time and access to the most attractive international training, conferences, hackathons, and more;
  • Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more;
  • Work Environment: Fully remote work environment as part of experienced and renowned mobile security researchers.

We seek a Technical Talent Acquisition Manager to identify and recruit exceptional talent, ensuring our company’s current and future hiring needs are met.

Responsibilities:

Dataflows’ Technical Talent Acquisition Manager will be responsible for the following:

  • Assess and ensure that current and future hiring needs are aligned with business strategy and departmental requirements.
  • Participate within technical team meetings to gather insight about project status.
  • Develop and execute the talent acquisition strategy, techniques and procedures.
  • Create job descriptions and define roles and responsibilities for each position.
  • Utilize various recruitment channels, including social media, networking events, conferences, etc.
  • Review applications, conduct background checks, and manage candidate selection processes.
  • Assist with setting, and ongoing adjustment, of competitive salaries and benefits packages to attract top talents.
  • Build and maintain relationships with key players in the industry, organizations, and talent pools.
  • Stay updated on industry trends to understand skill requirements for roles.
  • Monitor key performance indicators to measure recruitment effectiveness.
  • Manage and foster employee engagement through initiatives like referral programs, women mentorship programs, etc.
  • Facilitate the onboarding of new employees and support them until they are fully integrated into their respective teams.

 

Requirements:

  • Degree in Human Resources Management, Business Administration, or related field.
  • Prior experience as a Technical Talent Acquisition Manager or similar HR role. Advantage for international experience in the security research domain.
  • Strong cross-cultural interpersonal, verbal, and written communication skills.
  • Fluent in English (Native proficiency preferred).
  • Exceptional organizational skills with a keen attention to detail.
  • Proficiency in job posting sites and professional social media platforms (e.g., LinkedIn, Twitter).
  • Familiarity with various selection methods, including interviews, assignments, and psychological tests.
  • Ability and willingness to travel (20%).

 

What we offer:

  • Competitive Salary: We offer a salary that matches your experience and skills and is competitive within the EU market.
  • Competitive Commission: Attractive commission rates for performance, rewarding your contribution to our growth and success.
  • Performance Bonuses: Annual performance bonuses to recognize and reward significant contributions to our mission.
  • Continued Learning: We support the professional growth of our employees through access to online courses, workshops, and conferences.
  • Work Environment: Fully remote work environment as part of experienced and renowned security researchers.
  • Wellness Programs: Access to mental health support, fitness classes, and a wellness stipend.

We are in search of a Marketing & Employee Experience Manager who will serve as the driving force behind our marketing endeavors, and curate transformative events that enhance our brand visibility and foster meaningful connections with our audience.

 

Responsibilities:

Dataflows’ Marketing & Employee Experience Manager will be responsible for the following:

  • Develop and implement comprehensive marketing strategies to effectively promote the company’s brand recognition.
  • Manage and contribute to the company’s online presence across various platforms, including website, social media channels (Twitter, LinkedIn), and relevant industry publications.
  • Create compelling content for marketing materials, including brochures, website copy, and social media posts, adhering to brand guidelines.
  • Engage with the company’s community on social media platforms as a community manager, fostering meaningful interactions and promoting thought leadership.
  • Optimize SEO strategies to enhance the company’s visibility and rankings on search engines.
  • Plan and execute the company’s presence at key industry global conferences and events, including booth setup, staff coordination, and sponsorship opportunities.
  • Develop, execute and champion the company’s employee experience policy according to its vision, mission and values. Conceptualize, plan, and execute a diverse range of internal and external global events, including offsites, gatherings, conferences, workshops, and Capture The Flag (CTF) competitions.
  • Organize customer outreach global events, such as professional group sponsorships, dinners, and lunch & learn sessions, to build relationships and generate leads.
  • Align employee experience with company values to ensure that all employee touchpoints reflect the company’s values and brand.
  • Lead employer branding initiatives to attract top talent and maintain a strong employer brand image.

 

Requirements:

  • A bachelor’s degree in marketing, communications, business administration, or a related field. A master’s degree or professional certification in marketing or event management can be a plus.
  • Minimum of 3-5 years of experience in marketing, event management and employee experience management, preferably within the cybersecurity or technology industry.
  • Proven track record of developing and executing successful marketing campaigns and organizing high-impact events.
  • Knowledge and understanding in digital marketing strategies, including SEO, social media management, and content creation.
  • Familiarity with cybersecurity terminology, trends, and target audience preferences.
  • Strong project management skills with the ability to multitask and meet deadlines in a fast-paced environment.
  • Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and external stakeholders.
  • Ideally have an established network within the cybersecurity community and relevant industry contacts.
  • Active presence on professional networking platforms like LinkedIn, with a demonstrated ability to engage with industry influencers and thought leaders.
  • Ability and willingness to travel (20%).

 

What we offer:

  • Competitive Salary: We offer a salary that matches your experience and skills and is competitive within the EU market.
  • Competitive Commission: Attractive commission rates for performance, rewarding your contribution to our growth and success.
  • Performance Bonuses: Annual performance bonuses to recognize and reward significant contributions to our mission.
  • Continued Learning: We support the professional growth of our employees through access to online courses, workshops, and conferences.
  • Work Environment: Fully remote work environment as part of experienced and renowned security researchers.
  • Wellness Programs: Access to mental health support, fitness classes, and a wellness stipend.
For more details on how to apply, contact us at:

Did you find an impactful vulnerability in a popular software?

Reach out to discover its current market value.

Blog

Research Blog and Insights

Contact Us

Business Inquiries

Please note: Our services and exploits are available only to government agencies and their certified vendors.

Events

June 14 - 15, 2024

WarCon

Warsaw, Poland

see more ->

October 4 - 5, 2024

Hexacon

Paris, France

see more ->

November 7 - 8, 2024

POC

Seoul, South Korea

see more ->

Dataflow Forensics

Dataflow Forensics (“DFF”) is part of the Dataflow Security Group. DFF provides trusted partners and customers with advanced mobile threat detection technology to detect sophisticated attacks on mobile devices.

DFF is the only reliable solution available that effectively addresses the challenge of detecting exploit based indicators of compromise on the latest versions of mobile operating systems.

© 2024 DFSEC. All rights reserved.