Senior Offensive Security Researcher - Android Chromium Sandbox Security
External, Full-time, On-site, 2mo ago
Android, Python
About the role
We are seeking an expert offensive security researcher to conduct advanced vulnerability research and security testing focused on Chromium/Chrome on Android, with an emphasis on sandbox security. The role centers on identifying high-impact flaws across process isolation, IPC surfaces, and privileged services, and producing rigorous technical analysis, high-quality reproducers, and actionable remediation insights.
Responsibilities
- Perform deep vulnerability research in Chromium (Android) with focus on sandbox and isolation failures.
- Identify vulnerabilities and security weaknesses in:
  - Sandbox policy and broker interfaces
  - Mojo IPC surfaces (interface misuse, validation gaps, lifetime/ownership issues)
  - Browser process services and privileged components
  - Chrome-on-Android integration layers (JNI, service interactions, Android-specific glue code)
- Develop minimal, reliable reproducers and PoCs
- Conduct exploitability and impact analysis
- Build and maintain research tooling:
  - fuzzing harnesses and targets
  - crash triage automation, repro minimization, regression testing
  - patch diffing and variant analysis workflows
- Track upstream Chromium security-relevant changes and help assess risk and priority across versions.
Required Qualifications
- Strong track record in finding security vulnerabilities in large C/C++ codebases (Chromium-scale preferred).
- Solid understanding of Chromium architecture on Android:
  - multi-process model (renderer/browser/GPU/network/service processes)
  - sandbox model and privilege separation concepts on Android
  - Mojo IPC concepts (interfaces, bindings, serialization, validation, object lifetimes)
- Hands-on experience with ARM64 Android debugging and analysis:
  - crash triage, root cause analysis, minimizing repros
  - familiarity with modern hardening constraints (ASLR, CFI variants, PAC/BTI where relevant)
- Proficiency in C/C++ and a scripting language (Python preferred) for automation/tooling.
Worked at Trenchant? Share your experience