As a part of Ecommerce Engineering team, we exist for wow customer experiences, world class service excellence and hyper growing revenue. To achieve this, we build scalable & extensible architecture to support fast business growth & expansion, we create high performance & resilient backend system to handle increasing customer requests and we setup stable & fault-tolerant mechanisms to guarantee the customer experience. Creating disruptive products & resilient platforms for customers with world-class talents and cutting-edge technology is our vision and our commitment to the company.

About the Role

As an App Security Engineer (Android/iOS), you will be responsible for mobile security, reverse engineering various Android and iOS apps, including but not limited to cracking app obfuscation, decompiling code, and parsing data transmission protocols to uncover the core functional logic and security mechanisms of the apps.

Responsibilities

• Responsible for app security, and reverse engineering various Android and iOS apps, including but not limited to cracking app obfuscation, decompiling code, and parsing data transmission protocols to uncover the core functional logic and security mechanisms of the apps.

• Based on the reverse engineering results, write detailed technical analysis reports, outlining the app's architecture design, key algorithms, API call rules, and potential vulnerabilities to support business decisions or security research.

• Assist the team in setting up the reverse engineering environment and optimizing the usage of reverse engineering toolchains (such as Frida, Xposed, IDA Pro, Hopper, etc.) to improve reverse engineering efficiency.

• Track the technical updates and protection measures of mainstream apps in the industry, summarize the difficulties and solutions encountered in the reverse engineering process, and create reusable technical documentation.

Qualifications

• Bachelor's degree or above in Computer Science, Software Engineering, Information Security, or related fields, with at least 3 years of practical work experience in Android/iOS reverse engineering.

• Successful reverse engineering experience with mainstream apps (e.g., social media, e-commerce, finance) is required, enabling independent completion of the entire process from decompilation to logical analysis.

• Strong logical analysis and problem-solving skills are essential; the ability to quickly identify technical bottlenecks in the reverse engineering process and develop solutions.

• Preference will be given to candidates with information security certifications (e.g., CEH, OSCP) or experience contributing to open-source reverse engineering tools.

• Excellent documentation and communication skills are required; the ability to clearly present reverse engineering results and collaborate effectively with the team.

• Both Mandarin and English speaking are required.

Required Skills

• Proficient in Android reverse engineering techniques, familiar with Smali code analysis, DEX file repair, and Android Manifest parsing; skilled in using decompilation tools such as IDA Pro, JEB, and Ghidra.

• Proficient in iOS reverse engineering skills, understanding of Mach-O file structure and Objective-C/Swift reverse engineering methods, and able to use tools such as Hopper Disassembler, Cycript, and LLDB for dynamic debugging.

• Familiar with network protocol analysis, able to capture and parse HTTP/HTTPS, WebSocket, and other network requests from apps using tools such as Wireshark and Burp Suite, and reconstruct data interaction logic.

• Possess basic programming skills, at least proficient in one of Java/Kotlin (Android) or Objective-C/Swift (iOS), and able to independently write reverse engineering auxiliary scripts (such as Frida scripts).

• Familiar with common application hardening techniques (such as packing, obfuscation, VMP, etc.) and corresponding unpacking and deobfuscation methods; practical experience is preferred.\

Preferred Skills

• Experience with open-source reverse engineering tools.

• Information security certifications (e.g., CEH, OSCP).

Recruitment Process

• Application Review
• Phone Interview
• Onsite (or Virtual Onsite) Coding Interview – Offer

The exact nature of the recruitment process may vary according to the specific job and may be changed due to scheduling or other circumstances.

Interview schedules and the results will be informed to the applicant via the e-mail address submitted at the application stage

Details to Consider

This job posting may be closed prior to the stated end date for application if all openings are filled.

Coupang has the right to rescind an offer of employment if a candidate is found to have submitted false information as part of the application process.

Those eligible for employment protection (recipients of veteran’s benefits, the

disabled, etc.) may receive preferential treatment for employment in accordance with applicable laws.

Job titles and responsibilities may be subject to change depending on the candidate’s overall experience, etc. This will be communicated to the candidate at the appropriate time before the offer.

Hiring may be restricted in case the legal qualifications required for hiring and work performance is not met.

Privacy Notice

Your personal information will be collected and managed by Coupang as stated in the Application Privacy Notice located below. https://privacy.coupang.com/en/land/jobs/