Reverse Engineer

  • Islamabad, Islamabad Capital Territory, Pakistan
  • Part-Time
  • Hybrid

Job Description:

AirOverflow is looking for someone who loves tearing things apart. Not metaphorically — literally. We need a Reverse Engineer who gets genuine satisfaction from cracking open a binary, peeling back obfuscation layers, and reconstructing intent, logic, and structure from nothing but compiled machine code.

This role goes well beyond threat intelligence. At its core, it is about taking production-grade binaries — closed-source, stripped, obfuscated, and hostile to analysis — and working backwards to something that approximates the original source: recovering program logic, data structures, algorithms, and behavior with enough fidelity to be useful for security research, vulnerability discovery, and client deliverables.

Alongside that, we are looking for someone who brings a binary exploitation or vulnerability research mindset to the table — someone who doesn't just document what a binary does, but instinctively looks for where it breaks, where memory safety assumptions fall apart, and where an attacker could gain control. These two disciplines — deep reversing and vulnerability research — are what define this role at AirOverflow, and we want someone who is strong in both or hungry to bridge them.

You will work with real-world malware samples, proprietary software, and compiled binaries across a range of architectures and compilers, using tools like IDA Pro, Ghidra, and Binary Ninja. The binaries we deal with are not always clean or familiar — we regularly encounter large, heavily obfuscated samples as well as binaries compiled from modern languages like Go and Rust that demand a different analytical approach. Architecturally, we operate across x86/x64, ARM, and PowerPC (PPC) environments, reflecting the diversity of today's threat and research landscape.

If reverse engineering is not just a skill but a compulsion — and if you want to do it somewhere that pushes the craft to its limits — this is your role.


What You'll Do

  • Reverse engineer production-grade, closed-source, and stripped binaries — recovering logic, data structures, and program flow to approximate probable source code
  • Perform static and dynamic analysis of malware samples across a range of families, complexity levels, and architectures
  • Apply a vulnerability research mindset to identify memory corruption issues, logic flaws, and exploitable conditions within reversed binaries
  • Develop and demonstrate proof-of-concept exploits or vulnerability write-ups where applicable
  • Reverse engineer compiled binaries using IDA Pro, Ghidra, Binary Ninja, or similar tools across x86/x64, ARM, and PPC targets
  • Analyze Go and Rust binaries, recovering structure and logic from stripped, compiler-optimized output
  • Document malware behavior, capabilities, and indicators of compromise (IOCs) in structured, reproducible formats
  • Produce threat intelligence and vulnerability research reports for clients and internal use — clear, accurate, and actionable
  • Collaborate with the offensive security team on custom implant, payload, and exploit research
  • Contribute to AirOverflow's public research blog and responsible disclosure program


What We're Looking For

  • Strong, proven experience reversing large, heavily obfuscated binaries — not just clean samples but the kind that fight back
  • Demonstrated ability to reconstruct probable source code and program logic from compiled, stripped, production-grade binaries
  • A binary exploitation or vulnerability research mindset — the ability to look at a binary not just as something to understand, but as something to break
  • Solid understanding of memory corruption primitives — buffer overflows, use-after-free, heap exploitation, format string bugs, and similar vulnerability classes
  • Solid understanding of x86/x64 assembly and low-level computing concepts across multiple architectures, including ARM and PowerPC (PPC)
  • Hands-on experience reversing binaries compiled from Go and Rust — understanding their runtime quirks, symbol stripping behaviors, and how they differ from C/C++ targets
  • Hands-on experience with disassemblers and decompilers — IDA Pro, Ghidra, or Binary Ninja
  • Familiarity with Windows internals, the PE file format, and common malware evasion techniques
  • Ability to write clear, structured, and technically precise analysis and research reports
  • Strong analytical mindset with patience for deep, open-ended, and ambiguous problems


Nice to Have

  • Experience developing working exploits or CVE-level vulnerability research on real-world targets
  • Deep experience with packed, obfuscated, or anti-analysis-hardened samples — custom packers, self-modifying code, and multi-stage loaders
  • Proficiency reversing Go binaries — recovering function names, understanding goroutines, and working around stripped symbols
  • Proficiency reversing Rust binaries — navigating monomorphization, understanding ownership patterns at the assembly level, and dealing with LLVM-compiled output
  • Cross-architecture analysis experience beyond x86/x64 — particularly ARM (32/64-bit) and PowerPC (PPC) targets
  • Knowledge of the macOS or Linux malware ecosystems
  • Public CVEs, CTF write-ups, or malware/vulnerability research reports — blogs, GitHub, or community posts
  • Familiarity with dynamic analysis environments and sandboxing tools such as Cuckoo, Any.run, or FlareVM
  • Understanding of network-based IOCs, C2 protocols, and traffic analysis
  • Experience with scripting for automation — Python, IDAPython, or Ghidra scripting


What We Provide

  • Competitive compensation commensurate with experience
  • Access to a curated malware sample repository and dedicated analysis infrastructure
  • A platform to publish original vulnerability research and contribute to the broader security community
  • Collaboration with an offensive security team working on cutting-edge implant, payload, and exploit research
  • Continuous learning opportunities in one of the most technically demanding niches in cybersecurity
  • Flexible working arrangements
  • The opportunity to do the work you love — at a company that takes it as seriously as you do