
About Quarkslab
Quarkslab is a French company specialized in information security R&D, consulting, and software development. Our expertise lies in combining offensive and defensive security to help organizations adopt a new security posture: forcing attackers, not defenders, to constantly adapt. Through our consulting services and software solutions, we provide tailored solutions that help organizations protect their assets, sensitive data, and users against increasingly sophisticated attacks.
Quarkslab is an avid and active user of Open Source software, as well as a contributor. The company develops and maintains state-of-the-art security tools such as LIEF, QBDI, Triton, Irma, and several other projects.
Join our R&D Team to hunt and exploit bugs deep in System-on-Chips (SoC), mobile platforms, or IoT devices.
We dive into bootchains, basebands, firmware, secure enclaves, and low-level protocols, finding vulnerabilities that shape the next generation of security defenses.
You’ll work with world-class engineers, build your own tools, and publish responsibly when research allows.
🧩 Key Responsibilities
- Reverse engineer firmware, kernels, and trusted execution environments (ARM, AArch64, DSP).
- Identify, analyze, and exploit vulnerabilities in SoC components, mobile OS, and IoT stacks.
- Design fuzzing campaigns for parsers, protocols, and IPC interfaces.
- Develop PoCs and exploits demonstrating impact and mitigation strategies.
- Build or extend internal tools for RE, fuzzing, or firmware analysis.
- Document your research with clarity, from discovery to exploit chain.
- Share insights through internal talks, mentoring, or public presentations.
💼 The Role
You’re part of a small, focused offensive research team working on embedded, mobile, and SoC security.
You’ll have time and freedom to explore, and be expected to produce meaningful results that advance both the field and our clients’ resilience.
🚀 What You’ll Do
- Reverse and analyze complex binaries (bootloaders, trustlets, firmware).
- Fuzz components or IPC layers to uncover 0-days.
- Build emulation environments (QEMU, Unicorn, custom harnesses).
- Collaborate with other specialists (hardware, crypto, exploit dev).
- Write tooling to automate tedious RE or fuzzing workflows.
- Publish or present selected work internally or at conferences.
🧠 What We’re Looking For
Required:
- Solid knowledge of C/C++, assembly (ARM/AArch64), and scripting (Python).
- Hands-on experience with reverse engineering (IDA, Ghidra, radare2, Frida).
- Familiarity with fuzzing frameworks (AFL++, libFuzzer, honggfuzz, syzkaller).
- Understanding of memory corruption, sandboxing, and privilege escalation.
- Capacity to work independently, document clearly, and explain complex findings.
- English working proficiency (written/oral).
Nice to have:
- Experience with secure boot, TrustZone, basebands, or SE/TEE.
- Knowledge of radio stacks (BLE, Wi-Fi, LTE/5G).
- Familiarity with hardware attacks (fault injection, side-channels, glitching).
- Contributions to open-source tools or write-ups (e.g., blogposts, GitHub).
✨ Why Join Us?
- Hybrid or full remote from anywhere in Argentina with flexible hours
- 2 extra weeks of vacation per year
- Prepaid healthcare plan for the family group
- Collaborate with experts in security, reverse engineering, fuzzing, cryptography, and compiler technologies
- Contribute to tools or develop new ones
- Participate in conferences
- Be part of a tight-knit R&D team where curiosity and initiative are valued