Detection Researcher (iOS Focused)

Location: Worldwide with preference for candidates in Europe Zimperium® is an industry leader in enterprise mobile security, being the first and only company to provide a complete mobile threat defense system that offers real-time, on device world-class protection against both known and unknown next generation of advanced mobile cyberattacks and malware. Our MTD and award-winning machine learning-based engine protects against device, network, phishing and application attacks for IOS, Android and Windows devices, using a non-intrusive approach to always protect privacy of users. We are seeking a highly skilled and inquisitive security engineer with deep technical expertise in mobile threat detection and operating system internals. This role focuses on researching, developing, and improving cutting-edge detection capabilities against techniques such as jailbreaking, hooking, and mobile application tampering. The ideal candidate combines strong technical depth with an open and adaptive research mindset, maintaining versatility across diverse security challenges. Proficiency in analyzing and coding for the iOS environment, as well as conducting and reviewing high-quality technical work, is essential for success in this position. Key Responsibilities

Research and analyze advanced detection bypass techniques (e.g., jailbreaking, hooking, and runtime application/system tampering) to assess threats to our detection systems.

Evaluate and reverse-engineer tools and frameworks used to attack or evade our products, documenting findings and attack vectors.

Lead and participate in structured brainstorming sessions to generate novel detection ideas and countermeasures.

Design, prototype, and implement new detection techniques and algorithms for the iOS platform.

Develop, maintain, and improve internal tooling and automation to accelerate analysis, triage, and detection development.

Review and interpret forensic data provided by customers, produce clear technical reports, and provide actionable guidance and remediation support.

Perform and contribute to internal penetration testing and adversary emulation of newly introduced security features to validate effectiveness.

Write and publish technical blog posts to raise awareness of emerging security risks and share insights with customers and the wider security community.

Required Skills & Experience

Proven ability to collaborate effectively within a team environment, including forming and leading focused sub-groups to deliver specific project features or research objectives.

Strong knowledge of iOS operating system internals (e.g., sandboxing, code-signing), with a particular focus on runtime application security mechanisms and techniques for detecting system tampering and device compromise.

Proficiency in reverse engineering using tools such as IDA Pro, Ghidra, Hopper, or equivalent, including experience writing scripts, leveraging their SDKs, and isolating and reporting technical issues.

Demonstrated ability to think both offensively and defensively, approaching analysis tasks with the mindset of both an attacker and a defender.

Solid programming experience in C, Python, Objective-C and Swift, with the ability to produce efficient, maintainable, and secure code.

Good understanding of ARM64 assembly to develop really task specific and time critical functions.

Experience in data analysis methods applied to the forensics investigations is considered a plus.

Proficiency with debugging and dynamic binary instrumentation tools (e.g., LLDB, Frida, Objection, QBDI).

Capability to reverse engineer proprietary protocols and interprocess communication mechanisms (e.g., XPC, mach messages, IOKit).

Practical knowledge of jailbreak methods and iOS exploit classes (e.g., kernel exploits, sandbox escapes, code-signing bypasses), ideally experience in analyzing such exploits or exploit chains is a big plus.