Job Description

Client Security is part of the Business Risk Integrated Control (BRIC) team. We focus on building end-to-end, defense-in-depth systems that balance privacy and business needs to combat large-scale automated fraud and API abuse. Our scope includes client environment inspection, risky signal collection, trusted computing, traffic validation, data mining, and delivering tools and subject-matter services to business lines.

Responsibilities:

- Client-side security engineering: Develop, iterate, maintain, and provide technical support for client-side security components across Android, iOS, macOS, and Windows.

- Binary and runtime protection: Research and implement cutting-edge techniques to detect and prevent app cracking, tampering, hooking/injection, automation attacks, and other large-scale abuse; drive competitive analysis and key technical breakthroughs to strengthen defenses and product experience.

- Cross-functional threat response: Collaborate with client, backend, risk, and privacy stakeholders to research malicious tooling, track emerging attacks, and build anti-automation and validation systems.

- AI-driven automation defense: Build client-side defenses against AI-driven automation (LLM-assisted/scripted bots), including behavior modeling, anomaly detection, and proof-of-human signal design.

- On-device ML and content integrity: Secure on-device ML components used in product features—covering model integrity verification, anti-tamper/anti-extraction, encrypted model loading, and secure inference runtimes (e.g., TEE/Secure Enclave)—and research adversarial ML and deepfake vectors impacting client features (e.g., biometrics, media, content) to design on-device detection and mitigation pipelines.