our mission

You are a student or pursuing a PhD and want to learn about how professional security researchers think and work? Work as part of our world class team of international experts on a security research project tailored to your personal interests. The internship is offered by Dataflow Italy or Dataflow US, depending on your location.

This is a great opportunity to get your feet wet in real world vulnerability research with a mentor who is a successful researcher with multiple years of experience.

Location: This is a REMOTE opportunity with our distributed research team.

Time frame: 12-16 weeks during summer/fall of 2023

Requirements:

• a strong interest in security and low level internals of widely deployed software
• an analytic mind and eagerness to learn
• a passion for understanding systems

Application Deadline: December 15th, 2022

Application Process: Please send a short cover letter as well as an up to date CV to [email protected] (without email encryption)

Compensation: Competitive salary plus potential for additional bonuses depending on your specific project.

Potential focus areas:

• Vulnerability research
• Static source code analysis
• iOS research
• Android research
• Browser research
• 1-day research
• Fuzzing
• Emulation
• Reverse engineering

We are looking to fill the position of Head of Engineering. A person in this role will be responsible for leading our engineering team and help Dataflow maximize its internal engineering efforts, tools and infrastructure. To be successful in this role, you should be confident leading our engineering team while, at the same time, setting goals, budgets and timelines for various projects. We also expect you to be in charge of integrations and software development plans from ideation to execution.

Responsibilities:

• Leading and developing the engineering and DevOps team;
• Implementing best practice engineering methods;
• Providing technical guidance to engineering teams and top management;
• Planning, managing and executing internal engineering projects, such as R&D, infrastructure and business applications;
• Prepare and manage the engineering team budget;
• Recruiting engineers and coordinating their training;
• Generating, implementing and optimizing process improvements;
• Investigating digital technologies and making suggestions to the VP of Information Security;
• Designing and implementing new IT & security products and procedures;
• Creating new ways to address existing security challenges;
• New duties and responsibilities may be added or removed throughout your period at the company.

Requirements:

• Leadership abilities with a strategic mind;
• A strong background in software engineering (at least 5 years);
• Experience working as part of or leading an engineering team with agile methodologies (e.g. Scrum);
• Experience working with Linux/Python-based application stacks;
• Basic familiarity with Ansible;
• Familiarity with infrastructure and networking topics;
• Ability to be successful leading a team at a remote-only company;
• Ability to take initiatives and generate results;
• Good and effective verbal and written English communication skills.

What we offer:

• Finance: Highly competitive compensation package;
• Career Development: Enjoy off-topic time and access to the most attractive international training, conferences and more;
• Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more;
• Work Environment: Fully remote work environment as part of experienced and renowned mobile security researchers.

We are looking to fill the position of a security researcher in our Browser team. A person in this role will conduct vulnerability research on Web Browsers.

Responsibilities:

• Help develop and carry out the Browser team research strategy by doing vulnerability research, reverse engineering and exploit development on Web Browsers;
• Provide unbiased insights and ideas to the research team;
• Develop proof-of-concept code and exploits to the quality standard of DFSEC;
• Remain on top of various developments related to Web Browsers such as security mitigations, new features, etc.

Requirements:

• Track record of finding impactful vulnerabilities (RCE or Sandbox escape) in Web Browsers during the last year;
• Deep knowledge of Web Browsers architecture and internals;
• Solid understanding of predominant bug classes and patterns;
• Solid understanding of current and upcoming security mitigations;
• Ability to conduct long-term and widely scoped security research projects as part of a broader team effort;
• Exploitation experience is a plus, but not required;
• Good written English.

What we offer:

• Finance: Highly competitive compensation package with an additional monetary bonus system based on exploitable vulnerability findings;
• Career Development: Further your career by joining a team of established and experience security researchers;
• Work Environment: Fully remote with flexible work schedule;
• Off-topic Research: We allow researchers, at their discretion, to spend up to 15% of their time conducting research on other topics;
• Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more.

We are looking to fill the position of a security researcher in our Android team. A person in this role will conduct vulnerability research around the Android ecosystem at the system level.

Responsibilities:

• Help develop and carry out the Android team research strategy by doing vulnerability research, reverse engineering and exploit development on Android-related research projects;
• Provide unbiased insights and ideas to the research team;
• Develop proof-of-concept code and exploits to the quality standard of DFSEC;
• Remain on top of various developments related to Android and the Linux kernel such as security mitigations, new additions, etc.

Requirements:

• Track record of finding impactful vulnerabilities (LPE) in Android during the last year;
• Deep knowledge of Android architecture and internals;
• Solid understanding of current bug classes and patterns;
• Solid understanding of current and upcoming security mitigations;
• Ability to conduct long-term and widely scoped security research projects as part of a broader team effort;
• Exploitation experience is a plus, but not required;
• Good written English.

What we offer:

• Finance: Highly competitive compensation package with an additional monetary bonus system based on exploitable vulnerability findings;
• Career Development: Further your career by joining a team of established and experience security researchers;
• Work Environment: Fully remote with flexible work schedule;
• Off-topic Research: We allow researchers, at their discretion, to spend up to 15% of their time conducting research on other topics;
• Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more.

We are looking to fill the position of a security researcher in our iOS team. A person in this role will conduct vulnerability research around the iOS Kernel.

Responsibilities:

• Help develop and carry out the iOS team research strategy by doing vulnerability research, reverse engineering and exploit development on iOS;
• Provide unbiased insights and ideas to the research team;
• Develop proof-of-concept code and exploits to the quality standard of DFSEC;
• Remain on top of various developments related to iOS such as new security mitigations, new features, etc.

Requirements:

• Track record of finding impactful vulnerabilities (LPE, PAC bypasses, PPL bypass, Code Signing bypass) in iOS during the last year;
• Deep knowledge of iOS architecture and internals;
• Solid understanding of predominant bug classes and patterns;
• Solid understanding of current and upcoming security mitigations;
• Ability to conduct long-term and widely scoped security research projects as part of a broader team effort;
• Exploitation experience is a plus, but not required;
• Good written English.

What we offer:

• Finance: Highly competitive compensation package;
• Career Development: Enjoy off-topic time and access to the most attractive international training, conferences, hackathons, and more;
• Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more;
• Work Environment: Fully remote work environment as part of experienced and renowned mobile security researchers.

Our Information Security team works diligently to ensure Dataflow Security software, hardware, and related components are protected from cyber-attacks. We’re developing our security systems, analyzing current systems for vulnerabilities, and preparing to handle cyber-attacks against us.

Responsibilities:

• Develop and carry out information security plans and policies;
• Develop strategies to respond to and recover from a security breach;
• Develop or implement open-source/third-party automation tools to assist in detection, prevention and analysis of security threats;
• Implement protections for company's cloud and on premise systems;
• Implement best practises of securing Public \ Private Cloud and application configurations;
• Conduct periodic scans to find any vulnerability or discrepancy with corporate standards;
• Ensure IaC, Applications and Infrastructure are delivered in a consistently safe fashion;
• Work with the IT and DevOps teams to mitigate the risk caused by the discovered weaknesses;
• Monitor Public \ Private cloud for security breaches, through the use of software that detects intrusions and anomalous system behavior;
• Investigate security breaches;
• Lead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage.

Requirements:

• Expertise in designing secure systems, application and IaC architectures;
• Experience with computer forensic tools, technologies and methods;
• Expertise in anti-virus software, intrusion detection, firewalls and content filtering;
• Knowledge of risk assessment technologies and methods;
• Planning, researching and developing security policies, standards and procedures;
• Experience with AWS and cloud platform as a service (PaaS) security;
• Experience with use of automating security testing tools;
• Good understanding of MITRE ATT&CK® security framework;
• Certified Information Systems Security Professional (CISSP) or equivalent is a plus;
• Must take ownership, demonstrate a sense of urgency, and ensure accuracy and quality;
• Strong organizational skills.

What we offer:

• Finance: Highly competitive compensation package;
• Career Development: Enjoy off-topic time and access to the most attractive international training, conferences, hackathons, and more;
• Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more;
• Work Environment: Fully remote work environment as part of experienced and renowned mobile security researchers.

Our Information Security team works diligently to ensure Dataflow Security software, hardware, and related components are protected from cyber-attacks. We’re developing our security systems, analyzing current systems for vulnerabilities, and preparing to handle cyber-attacks against us.

Information Security ELK Engineer will be part of the information Security team. The selected candidate will be responsible for design and development of the ELK based SIEM system. The engineer will work with other teams to collect security logs from various systems and platforms and to properly analyze them for security violations in order to protect corporate assets.

Responsibilities:

• Design, develop and implement SIEM system that could meet company security standards and requirements;
• Design, develop and implement SIEM integrations with other systems that could help to enrich SIEM capabilities;
• Collaborate with IT to appropriately configure cybersecurity systems and services and to monitor for indications of compromise;
• Participate in security log collection configuration in order to enable fast threat detection and response;
• Develop dashboards, reports, and alerts to meet their cybersecurity operational information requirements.

Requirements:

• Should have strong knowledge in ELK stack;
• Strong experience in Design, build, deploy, maintain and enhance ELK platform;
• Strong hands-on experience in using Elastic search Indexes, Elastic search APIs, Kibana Dashboards, Logstash and filebeat;
• Knowledge of scripting languages like Python, Shell Script and PowerShell;
• Ability to work independently and as part of a team with minimal supervision;
• Good verbal and written communication skills;
• Good problem solving and analytical skills;
• Understanding security concepts and has experience with security monitoring of Public Cloud, Private Cloud - IaaS/PaaS/SaaS.

What we offer:

• Finance: Highly competitive compensation package;
• Career Development: Enjoy off-topic time and access to the most attractive international training, conferences, hackathons, and more;
• Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more;
• Work Environment: Fully remote work environment as part of experienced and renowned mobile security researchers.

We are looking to fill the position of a QA Engineer who would be responsible for quality assurance engineering efforts on mobile devices. This role involves active collaboration with our research teams by performing continuous quality assurance tasks i.e. performing continuous testing, optimization and code porting tasks.

Responsibilities:

• Ensure that Dataflow iOS and Android products are well tested and follow a high quality standard;
• Improve quality of Daraflow‘s deliverables through optimization, porting and documentation;
• Maintain and contribute to various internal framework codebases.

Requirements:

• Strong low level engineering skills in C;
• Basic knowledge of Python or JavaScript;
• Familiarity with working on mobile phones (rooting devices, building custom kernels, flashing IPSWs);
• Ability to apply a scientific mindset to the problem of exploit reliability, testing and optimization.

What we offer:

• Finance: Highly competitive compensation package;
• Career Development: Enjoy off-topic time and access to the most attractive international training, conferences, hackathons, and more;
• Work Environment: Fully remote work environment as part of experienced and renowned mobile security researchers;
• Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more.

At Dataflow Security, we offer you a unique challenging and rewarding environment to provide immediate impact for both internal and external projects and their stakeholders. Dataflow Security, is a global leader in mobile security research, comprising the most talented researchers across the globe, to solve the hardest technical challenges, to create a safer world for everyone. We are looking to fill the position of a technical project manager. A person in this role will perform management tasks and work closely with our director of project management.

Responsibilities:

• Analyze and understand, roles and responsibilities for team members required for each specific project;
• Participate within technical team meetings to gather insight about project status;
• Facilitate communication with leadership and other stakeholders, including regular reports regarding implemented strategy;
• Create and maintain internal policy and guidelines in relation to technical projects;
• Maintain hardware and software acquisition for technical projects;
• Oversee day-to-day operations and perform general administrative tasks such as gathering feedback from team members.

Requirements:

• Ability to predict upcoming challenges and communicate with key stakeholders of each project those concerns;
• Excellent time management and organizations skills;
• Excellent communication skills and ability to proactively seek solutions to problems;
• Proven experience in a managerial role;
• Strong decision-making capabilities;
• Ability to motivate and lead people, and hold team members accountable;
• Experience managing people.

What we offer:

• Finance: Highly competitive compensation package;
• Career Development: Enjoy off-topic time and access to the most attractive international training, conferences, hackathons, and more;
• Wellness: We offer a prime wellness program designed to promote a healthy lifestyle, which includes, but not limited to access to gyms around the world, health coaching, and more;
• Work Environment: Fully remote work environment as part of experienced and renowned mobile security researchers.