Middle C Engineer (Fuzzing)

Samsung R&D Institute Ukraine is looking for a passionate and collaborative C Engineer to join our team.

You will be involved in fuzzing activities and fuzzing infra construction for Samsung flagship devices in use by hundreds of millions of users worldwide.

If you love working directly on consumer-facing products we are glad to meet you at our team in Samsung R&D Institute Ukraine. 

More specifically you will:

• apply various fuzzing technologies (AFL, libfuzzer mostly) to reveal issues in system & middleware codebase
• be involved in all fuzzing stages (harness development, corpus, custom mutators, grammar, dependencies mock, crash de-duplication and prioritization, fuzzing orchestration and monitoring)
• research on advanced fuzzing techniques for cases where source code is not available or on-device fuzzing is too slow (emulation, cross-compilation oth.)
• participate in research activities and strategic prototyping for future Samsung products

Major Requirements:

• security awareness: familiar with secure coding (in C) and security hardening techniques (sanitizers, static/dynamic analysis tools)
• debugging experience (ability to analyze crashdumps), mostly GDB-based
• Python (will be applied to exploitability evaluation automation, GDB scripts development)
• Linux software build customization experience (strong bash and configure/make, binary/code instrumentation, toolchain fine-tuning, cross-compilation)
• relevant education (at least Bachelor degree in computer science or similar)

background might be: C system development or DevOps (embedded systems experience) or security assessment (device-side)

Optional Requirements:

• fuzzing experience: AFL and its spin-offs, libfuzzer, HonggFuzz, protocol fuzzing, binary fuzzing, cross-compiled fuzzing, Linux Kernel fuzzing, Android software fuzzing
• security code review experience
• experience with security automation tools and processes (static/dynamic analyzers, SAST/DAST)
• experience with symbolic execution and emulation (context: QEMU-based execution and remote debug)
• experience with Docker/Singularity containers (custom containers construction, hardening, performance fine-tuning, orchestration)
• reversing experience will be helpful: IDA, Ghidra, ELF/DWARF understanding, assemblers, pwntools, CTF participation

Working Conditions:

• official employment - GIG contract
• remote work is possible as well as work in Kyiv office

Benefits:

• competitive salary, annual salary review, annual bonuses
• paid 28 work days of annual vacations and sick leaves
• opportunity to become an inventor of international patents with paid bonuses
• medical & life insurance for employees and their children
• paid lunches
• discounts to Samsung products, services
• regular education and self-development on internal courses and seminars
• - hybrid work format, working in office is required for some tasks