Spoofing Consultant

About the role

We’re building a dedicated Location Integrity Red Team to challenge and harden our location security stack. As a Senior Spoofing Engineer, you’ll lead offensive research and testing efforts to uncover ways attackers can bypass our location spoofing detection, helping us stay ahead of emerging threats. You’ll focus on mobile application reverse engineering, device tampering, and network-level evasion techniques, producing actionable bypass reports and mitigation recommendations for our engineering teams.

This is a hands-on role for a deeply technical offensive security professional who thrives on creative problem-solving, breaking assumptions, and staying at the cutting edge of mobile security and location spoofing tactics.

Key responsibilities:

- Conduct red team engagements against our mobile SDKs and apps to identify and reproduce bypasses of location spoofing detection mechanisms.

- Research and test techniques involving:

• GPS and device coordinate manipulation
• -Device&OS tampering (root/jailbreak bypass, virtualization, emulation)
• VPN, proxy, and remote desktop evasion
• Wi-Fi and cell-tower triangulation spoofing

- Produce detailed, reproducible bypass reports, proof-of-concept demonstrations, and mitigation guidance.

- Continuously monitor and analyze emerging spoofing, tampering, and bypass techniques in the wild.

- Collaborate with internal security and product teams to prioritize risks and hardening strategies.

- Contribute to the team’s evolving testing methodologies, tools, and automation for location security testing.

Requirements:

- 5+ years of experience in offensive security, mobile app penetration testing, or reverse engineering.

- Deep expertise in Android/iOS reverse engineering (static and dynamic analysis).

- Hands-on experience with dynamic instrumentation tools (e.g., Frida, Magisk/Xposed).

- Strong understanding of mobile OS security models, device attestation, and tamper detection.

- Familiarity with network-based evasion (VPN, TOR, proxies) and device fingerprinting techniques.

- Proven ability to deliver comprehensive security assessments and clear mitigation guidance.

- Strong scripting/programming skills (Python, Java, Swift, etc.) for custom tooling and PoCs.

Nice-to-Have Skills

Knowledge of SDR and GNSS signal spoofing.

Familiarity with fraud prevention, geo-compliance, or streaming/betting security contexts.

Exposure to RF-level location validation techniques (Wi-Fi RTT, Cell-ID triangulation, RAIM, Kalman filters).

Experience contributing to open-source security tools or threat intelligence research.

Tools & Frameworks in Use

Frida, Magisk/Xposed, SafetyNet / Play Integrity, DeviceCheck, GeoComply, MaxMind, IDA Pro, Ghidra, Wi-Fi RTT, Cell-ID triangulation.

Additional information/Benefits:

- Work with some of the most dynamic US tech companies, building and iterating on new features and platforms.

- Long-term projects with real technical challenges.

- Fully remote work with flexible hours.

- Option to work from our office in Cluj-Napoca, Romania, if desired.

- Collaboration flexibility: We work with CIM/PFA/SRL contracts.

- 30 paid days off per year.

- We provide equipment as needed (laptop, desktop, etc.).

- Continuous learning: We sponsor career-improving courses, seminars, and certifications.

- Opportunity for annual business visits to the US, depending on project needs.

Get picky and choose a career that matches your mindset and lifestyle. Team up with a company that encourages you to do more and gives you the flexibility you need!