How to Use Safari Web Inspector to Debug iOS Devices | A Guide

Learn to set up a Corellium iOS virtual device and perform debugging of web applications using Safari's Web Inspector tool.

Using the Safari Web Inspector with Corellium

<h2>Overview</h2>
In this guide, we'll be setting up a Corellium <a href="https://www.corellium.com/devices/ios" rel="noopener">iOS virtual device</a> to perform debugging of web applications using Safari's Web Inspector tool. For web developers, this is useful for testing rapid tweaks to CSS or troubleshooting responsive web design on an iPhone-sized display. For security researchers, the Javascript console can help identify why their fakeobj and addrof primitives aren't working.

<h2>Configure the Virtual Device</h2>
<img src="https://21590441.fs1.hubspotusercontent-na1.net/hubfs/21590441/EnablingWebInspector.png" alt="Enabling Web Inspector" width="572" loading="lazy" style="width: 572px;">
First, Safari on the virtual device must be configured to enable the Web Inspector. From the home screen, select the Settings icon, and then scroll down to Safari. On the next screen, scroll all the way to the bottom and select Advanced.
Enable the Web Inspector and return to the home screen.
Open Safari and browse to any page.
<h2>Configure Safari on the Mac</h2>
Next, ensure that the <a href="https://www.corellium.com/guides/connecting-to-the-corellium-vpn" rel="noopener" target="_blank">Corellium VPN is connected</a> and connect with <a href="https://www.corellium.com/guides/connecting-to-a-virtual-ios-device-with-usbflux" rel="noopener" target="_blank">USBFlux</a>.
 <img src="https://lh3.googleusercontent.com/DUqWcq8P8xMAjcCIW4T8_zqU6ailS8PaD-shOniDkcAcfMt9ynUSI0vsXT-wr7OWdgTgHmWQgLuvelM0bcuza4e3R0vncVjsiOXv0T59t-ejo0IhxCQPCq-Zzim3ZJHzgUIXZeJluSRhar81oA" width="381" height="296" loading="lazy">
<img src="https://lh3.googleusercontent.com/PLWbSxDE98RkJE22ULt_HoPRuGvfxclwiVODhKkgVraE7HVmtNmM2fW6EKFonfz-trnlGS2BEk_kCFVEVwzx2EJypdXhRtRyf4X7rLuREdJMkrPCvOSGR3jhQ2CsGtv0S0fLr8AyAD-vbq-ZJQ" width="487" height="264" loading="lazy">
If Safari is already running on the Mac, restart it fully by clicking Safari in the menu bar, followed by Quit Safari (or press ⌘Q with Safari selected) and then re-opening the application.
From the Safari menu, select Preferences and then switch to the Advanced tab. At the bottom of the window, ensure that "Show Develop menu in menu bar" is selected. Close the Preferences window.
<img src="https://lh3.googleusercontent.com/bdeX1ngAeq_Z3uaTdcrsXAGTSCG_sRxNIIZ5KbunwUblfM-Q1h2mBvsKrdwte5-O9dxwohWUu3QDjn474tv9mHSaPj6v68lUc-gcRnlNFAZVO1Ulb1cOUTrUcSYYWU5u-oR4FNTkV0P7IqJOzQ" width="624" height="341" loading="lazy" alt="The advanced tab screen in the Safari preferences menu">
The Develop menu will now appear in the menu bar, including a list of devices that have inspectable browsers. In this case, it will include the virtual device (named "iPhone" by default) and the local Mac (named "User's Mac" in the screenshot). When mousing over the iPhone submenu, the available tabs will appear under Safari, and selecting one will open the inspector.
<img src="https://lh3.googleusercontent.com/pt0oQ7rZb3IyB2TdCGmVMBJ_lRxQSn5NOwT8ASxK-X27nBbfINBpcSKj2r6CpP-X9bcC2kYJrGeURzUzJl-5OzCdXbjvwS2MLs9DGxsWpafRmudSSRUADZDacYczy9zd4T8UyjUysif8h4bvvQ" width="624" height="197" loading="lazy" alt="iPhone &quot;Develop&quot; submenu dropdown"> <img src="https://lh3.googleusercontent.com/ze48oYVXulVL14jciRMD3n54FVcFj2wJQpNoWr95D7_9aLrGakeLkCks_uISSrQBe9AwMAdcmQ1Xjfr03bIAXhJiJUp6-sGUhIhbj6w4l2gn9absDV0zwK3plMoHcD3SX9E47MFR72HRb3g2dQ" width="624" height="406" loading="lazy" alt="web inspector">
The inspector has many features that are out of the scope of this guide, see the <a href="https://developer.apple.com/safari/tools/" rel="noopener" target="_blank">official documentation</a> for additional details.
<h2>Troubleshooting</h2>
<ul>
<li>If you are in the cloud, always ensure you are connected to VPN with the correct configuration profile.</li>
<li>If a device is not detected properly, try closing and reopening USBFlux and Safari, in that order. </li>
</ul>

<h2>Overview</h2>
In this guide, we'll be setting up a Corellium <a href="https://www.corellium.com/devices/ios" rel="noopener">iOS virtual device</a> to perform debugging of web applications using Safari's Web Inspector tool. For web developers, this is useful for testing rapid tweaks to CSS or troubleshooting responsive web design on an iPhone-sized display. For security researchers, the Javascript console can help identify why their fakeobj and addrof primitives aren't working.

text

Where does Mobile App Security Testing fit into the latest NIST SSDF and CISA Zero Trust publications?

It’s hard to find useful, well contributed to information on mobile security testing and best practices. Recent cybersecurity publications from U.S. gov agencies often confuse the search. Here’s one interpretation of how they’re interrelated.

It’s difficult to find technically useful, well contributed information on mobile security testing and mobile software development life cycle (SDLC) best practices. There is a lot of high-level info scattered around, and it seems like new government cybersecurity publications are popping up all the time which makes it hard to tell how everything fits together. So I set out to research the topics on my own, and this blog covers what I’ve found. As I continue, and as comments come in, I’ll make corrections and updates.

Let’s start with very useful, seminal work on mobile security testing, with OWASP® contributors doing a wonderful job with two foundational works. Any searches on the topic of mobile security testing should have landed on them, but in case yours didn’t.
<h2 id="mobile-security-testing-guide">Mobile Security Testing Guide</h2>
The first is the&nbsp;<a target="_blank" rel="noopener noreferrer" href="https://mobile-security.gitbook.io/mobile-security-testing-guide/">Mobile Security Testing Guide (MSTG)</a>1 from OWASP. From its introduction:
“The OWASP Mobile Security Testing Guide (MSTG) is a comprehensive manual for testing the security of mobile apps. It describes processes and techniques for verifying the requirements listed in the Mobile Application Security Verification Standard (MASVS), and provides a baseline for complete and consistent security tests.”
If you haven’t seen it before, at first glance you may get the impression that it’s merely a high-level overview of basic principles that any mobile developer or security expert already knows. But in fact, it’s quite comprehensive and technically detailed, a great living work by all its contributors, and a very useful resource for new and advanced mobile security gurus alike.
The MSTG is comprised of three primary sections, again from the Guide’s overview:&nbsp;
<div>
<ul>
<li>“The General Testing Guide contains a mobile app security testing methodology and general vulnerability analysis techniques as they apply to mobile app security. It also contains additional technical test cases that are OS-independent, such as authentication and session management, network communications, and cryptography.</li>
<li>The Android Testing Guide covers mobile security testing for the Android platform, including security basics, security test cases, reverse engineering techniques and prevention, and tampering techniques and prevention.</li>
<li>The iOS Testing Guide covers mobile security testing for the iOS platform, including an overview of the iOS OS, security testing, reverse engineering techniques and prevention, and tampering techniques and prevention.”</li>
</ul>
</div>
<h2 id="mobile-appsec-verification-standard">Mobile AppSec Verification Standard</h2>
The second work from the OWASP Mobile Security Project™ and its contributors, is the&nbsp;<a target="_blank" rel="noopener noreferrer" href="https://mobile-security.gitbook.io/masvs/">Mobile AppSec Verification Standard (MASVS)</a>1.
From its introduction,&nbsp;“The MASVS is a community effort to establish a framework of security requirements needed to design, develop and test secure mobile apps on iOS and Android.”
You must admit, this is a bold undertaking to produce and keep current, but it’s a sorely needed one and a job well done. A useful summary from the document:
“The MASVS defines two security verification levels (MASVS-L1 and MASVS-L2), as well as a set of reverse engineering resiliency requirements (MASVS-R). MASVS-L1 contains generic security requirements that are recommended for all mobile apps, while MASVS-L2 should be applied to apps handling highly sensitive data. MASVS-R covers additional protective controls that can be applied if preventing client-side threats is a design goal.
Fulfilling the requirements in MASVS-L1 results in a secure app that follows security best practices and doesn't suffer from common vulnerabilities. MASVS-L2 adds additional defense-in-depth controls such as SSL pinning, resulting in an app that is resilient against more sophisticated attacks - assuming the security controls of the mobile operating system are intact and the end user is not viewed as a potential adversary. Fulfilling all, or subsets of, the software protection requirements in MASVS-R helps impede specific client-side threats where the end user is malicious and/or the mobile OS is compromised.”
<h2 id="nist-ssdf">NIST SSDF</h2>
And now for what’s happening from the U.S. gov end of things and recent cybersecurity standards and guidance news. Let’s start with the&nbsp;<a target="_blank" rel="noopener noreferrer" href="https://www.nist.gov/">National Institute of Standards and Technology</a>&nbsp;(NIST) which produces many publications on the topic of cybersecurity.
The recent news has been around the NIST 800-218 publication in 2021 and updated in February 2022, entitled “<a target="_blank" rel="noopener noreferrer" href="https://csrc.nist.gov/Projects/ssdf">Secure Software Development Framework (SSDF): Recommendations for Mitigating the Risk of Software Vulnerabilities</a>”.
It’s a comprehensive and relevant work as it applies to mobile software development and testing. Excusing the pun, it sets the new standard as far as past security frameworks for SDLC go. It contains numerous references to useful resources, and the OWASP MASVS resource is primarily referenced within the Produce Well-Secured Software (PW) section.
I find the NIST SSDF publication to be well thought-out and as you read through the examples for each “task”, it makes for a good checklist to walk through for your mobile software development practices (or any software development). Some tasks are easier said than done, but it provides for a great “you are here” resource for understanding your current SDLC security posture and what you need to keep an eye on moving forward.
Having no affiliation with it, I found this blog useful when reading NIST 800-218:
<a target="_blank" rel="noopener noreferrer" href="https://blog.chainguard.dev/i-read-nist-800-218-so-you-dont-have-to-heres-what-to-watch-out-for/">I Read NIST 800-218 So You Don’t Have To - Here’s What to Watch Out For</a>, by Dan Lorenc. When searching for other NIST cybersecurity initiatives that are currently underway, I found the following particularly interesting. They are looking into consumer labeling practices for both software and IoT devices. In a nutshell, when software or IoT devices are made available for end-use, the level of security testing performed or achieved would be clearly indicated. According to the links below, an initial summary report is to be published by May 12, 2022. This will be interesting to say the least and I’ll update this blog with relevant information.
<div>
<ul>
<li><a target="_blank" rel="noopener noreferrer" href="about:blank">Recommended Criteria for Cybersecurity Labeling of Consumer Software</a></li>
<li><a target="_blank" rel="noopener noreferrer" href="https://www.nist.gov/itl/executive-order-improving-nations-cybersecurity/consumer-cybersecurity-labeling-pilots-approach">Consumer Cybersecurity Labeling Pilots: The Approach and Contributions</a></li>
</ul>
</div>
<h2 id="cisa-zero-trust">CISA Zero Trust</h2>
There also have been recent news headlines made by the&nbsp;<a target="_blank" rel="noopener noreferrer" href="https://www.cisa.gov/">Cybersecurity &amp; Infrastructure Agency</a>&nbsp;(CISA), first established in 2018.
There are recent two works of interest:
<div>
<ul>
<li><a target="_blank" rel="noopener noreferrer" href="https://www.cisa.gov/zero-trust-maturity-model">Zero Trust Maturity Model</a>, introduced in September 2021, and</li>
<li><a target="_blank" rel="noopener noreferrer" href="https://www.cisa.gov/uscert/ncas/current-activity/2022/03/07/cisas-zero-trust-guidance-enterprise-mobility-available-public">Applying Zero Trust Principles to Enterprise Mobility</a>, newly introduced in March 2022.</li>
</ul>
</div>
These works, to me at least, are more indirectly related to mobile security testing and SDLC best practices. This makes sense as Zero Trust refers to user access privileges and hence the in-production phases of SDLC.
But I would have hoped that Zero Trust would have extended to cover the design and development phases of the SDLC as more and more vulnerabilities are likely to be introduced well before software deliveries.
In the&nbsp;Zero Trust Maturity Model&nbsp;document, the topic of <a href="https://www.corellium.com/solutions/mobile-security-research" rel="noopener">app security</a> development and testing is included in the Application Workload pillar and its Application Security guidance, but that’s about it. It doesn’t use the acronyms, but it’s basically implying a shift from DevOps to DevSecOps.&nbsp;
Reproduced from&nbsp;<a target="_blank" rel="noopener noreferrer" href="https://www.cisa.gov/sites/default/files/publications/CISA%20Zero%20Trust%20Maturity%20Model_Draft.pdf">Table 4</a>&nbsp;on page 12:
“Application Security Function:
<div>
<ul>
<li>Traditional – Agency performs application security testing prior to deployment, primarily through static and manual testing methods.</li>
<li>Advanced – Agency integrates application security testing into the application development and deployment process, including the use of dynamic testing methods.</li>
<li>Optimal – Agency integrates application security testing throughout the development and deployment process, with regular automated testing of deployed applications.”</li>
</ul>
</div>
Looking through the&nbsp;Applying Zero Trust Principles to Enterprise Mobility&nbsp;document, you eventually reach “Table 1: Enterprise Mobile Security Components”. And wading through each, mobile security testing lands on its relatively small Mobile App Vetting (MAV) component.
Not bad I suppose for a CISA framework where the Zero Trust context aims at a different aspect of mobile security and different phase of mobile software development. Would have been helpful if CISA’s MAV and NIST’s SSDF were linked or cross-referenced.
I’d keep an eye on CISA “Zero Trust” publications, but looks like the NIST “SSDF” publications are currently more directly relevant to the topic of mobile security testing and mobile SDLC.
To learn more about Corellium and what we do, visit us at&nbsp;<a target="_blank" rel="noopener noreferrer" href="https://www.corellium.com/">Corellium.com</a>&nbsp;
&nbsp;
1 OWASP trademarks and published works belong to and are under copyright by The OWASP Foundation. The OWASP works are licensed under a&nbsp;<a target="_blank" rel="noopener noreferrer" href="https://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0 International License</a>. For any reuse or distribution, you must make clear to others the license terms of the works.

It’s difficult to find technically useful, well contributed information on mobile security testing and mobile software development life cycle (SDLC) best practices. There is a lot of high-level info scattered around, and it seems like new government cybersecurity publications are popping up all the time which makes it hard to tell how everything fits together. So I set out to research the topics on my own, and this blog covers what I’ve found. As I continue, and as comments come in, I’ll make corrections and updates.

Everything on our website, all in one place.

Find what you’re looking for

Join us at Black Hat and DEF CON, August 6 → 14

Our revolutionary cloud-based research environment combines high-fidelity virtual devices with powerful integrated tools.

Mobile Security Research

Test your apps at scale on Arm in a convenient, low-cost virtual environment.

Mobile App Testing

Our technology is limitless. Explore how Corellium can advance your work on Arm-based devices.

Let’s do something great together

There are now Go builders on http://build.golang.org for android/arm, android/arm64, darwin/arm64 (iOS) running on virtual @CorelliumHQ devices. Thanks to @steeve and @zenlyapp we might soon get rid of slow and unreliable physical test devices.

Go is now self hosted on iOS and Android. Meaning it doesn't need a host to compile and run programs on those platforms. What a fine job @eliasnaur and @CorelliumHQ.

Thank you @CorelliumHQ for supporting our training session with your iOS and Android virtual devices! It will be a huge help for our students at @typhooncon 10th June // Seoul "Offensive Mobile Reversing and Exploitation". For registration go to typhooncon.com/registration/

Just got my hands on @CorelliumHQ — saying that my mind is blown is an understatement. This is the future of iOS security research. (and my eternal fear of bootlooping my physical devices is gone!)  Huge thanks to @cmwdotme and @chronic!

@CorelliumHQ is easily one of the most impressive platforms I've seen. Happy to share that students attending the @BlackHatEvents @MDSecLabs Mobile Training will get to play with this first hand! blackhat.com/us-18/training... #BHUSA

Live kernel debugging on a virtualised iOS 12.0! Having the ability to do this sort of thing with whichever iPhone/version you want is gonna greatly assist developers & researchers with future iOS kernel security research.

So much this. Craziest thing for me was just having it show up as a run destination in Xcode (oh yeah and it has ssh and cycript). Real iOS virtualization in the cloud is /awesome/. Nice work @cmwdotme and team!

Watching an online virtual iPhone 8 Plus installing a copy of iOS 11.4 in a browser is *wild*. Then proxying it to USB so you can build & run directly from Xcode? @cmwdotme's @CorelliumHQ is so freaking cool.

Saying that my mind is blown is an understatement. This is the future of security research.

Discover how virtual devices can advance your development work on mobile, IOT, and beyond.

Virtual devices with real-world accuracy

corellium__mobile_security_services_v04 (1080p)

Our virtual devices give you the convenience, efficiency, and scale of an emulator with the fidelity and performance of a real device. And with powerful controls and integrated tools, you can build, test, and explore in ways that were never possible before. Available on-site and in the cloud.

Physical devices are holding you back.

Thoughts, stories and ideas from the Corellium® team.

Latest Posts

CHARM™ is our custom type-1 hypervisor, purpose-built to run virtual models of Arm devices on cutting-edge Arm servers.

Powered by CHARM™

With usage-based pricing, you’re only billed for the time that you use or store your virtual devices.

Billing occurs every 7 days or when you reach a threshold of $100 (whichever is sooner).

With our monthly subscription model, you are allotted a certain number of CPU cores, and you can run as many virtual devices as that number of CPUs will permit at a time.

These CPU cores correspond to the number of CPU cores available on the Arm servers assigned to your account. Each virtual device requires a certain number of CPU cores in order to run. Most devices require two cores, but newer devices, such as the iPhone 8 and iPhone X, require six cores.

The magic of virtual Arm devices with shockingly lower pricing and better deployment flexibility than less powerful alternatives.

Simple, transparent pricing for cloud and on-site solutions

Transparent pricing for cloud and on-site

We believe Arm processors will power the next massive wave of mobile and IoT computing devices, exponentially expanding the cyber security attack surface.

Transformative technology

We believe Arm hypervisor virtualization is critical technology for developers and security teams to achieve needed levels of security research and testing, so we aim to we deliver carefully crafted, well-designed products to solve real problems.

Excellence with purpose

There are 13M Arm developers today and we believe this number will grow 3X over the next decade. We're dedicated to supporting our peers in the Arm community who seek to build more secure, performant, and accessible software and devices.

Committed to our community

A few key values we hold onto as we strive to break boundaries and set new standards through the power of virtualization.

What we believe in

We’re on the lookout for folks to help us deliver stellar experiences across our digital ecosystem. Join us and help create the future of Arm Virtualization.

Join us, from anywhere

Corellium® was founded to equip teams with the tools they need to push the ecosystem of Arm-based devices forward. We changed what's possible, so you can build what's next.

We create software that’s indistinguishable from magic

We team up with folks who believe in our long-term approach to building a great company and believe in our mission.

We're backed by incredible investors

We’ve been featured in quite a few places - have a read.

In the news

We’re a group of passionate people dedicated to the success of our team, partners and customers.

Leadership team

Unlike other hypervisors, CHARM™ wasn’t ported to Arm: it was built for Arm from the ground up. And Corellium's hypervisor wasn’t built to virtualize servers: it was specifically designed to handle the complex peripherals and chip architectures of mobile devices.

The only hypervisor designed specifically to virtualize mobile devices

Corellium's Arm2Arm feature provides transparent 32-bit translation for Android, so developers can run apps with 32-bit libraries on 64-bit server hardware without making any modifications to their code.

Transparent 32-bit translation for Android

To optimize user interaction with the virtual display, Corellium's hypervisor provides hardware-accelerated H.264 / H.265 compression and GPU support with OpenGL ES pass-through. Our proprietary WebRTC implementation re-encodes display for ultra-smooth rendering.

Realistic, highly performant interaction and visual display

Our hypervisor has the flexibility to run not only virtual devices but also containerized applications. Our container technology uniquely runs LXC-style Android containers on Android, sharing services to enable greater resource density for use cases like application streaming.

Sophisticated container technology

The Corellium hypervisor CoreHDL feature enables developers to plug their own simulated hardware into virtual devices for hardware design, verification and bringup.

Ability to plug simulated hardware into virtual devices

Corellium offers turnkey, out-of-the-box software, as well as a deeply customizable platform, resulting in rich native-like experiences, sophisticated rendering and smooth graphics.

Performance out of the box

From advanced security research to mobile app testing, our technology empowers critical development work across the Arm ecosystem.

Groundbreaking technology

CHARM™ is our custom type-1 hypervisor designed to run multiple complex devices, peripherals and chipsets on a single, cutting-edge Arm server, allowing us to virtualize devices on their native architecture.

Say hello to CHARM™

We ensure developers and engineers are well-equipped to research, work, and test on Arm-based technologies.

A groundbreaking platform to advance your work on Arm

Select from a variety of device models and OS versions for iOS and Android to accelerate your mobile testing and development.

Hundreds of models, ready to boot

Advanced integrated tools give you a level of insight and control that isn't possible with physical devices or emulators.

Ultimate mobile device security tools

Work with our team on modeling your custom IoT device to enable accurate, performant testing as you develop new hardware and firmware.

Bring your own custom IoT models

The accuracy, fidelity, and performance of real devices combined with the scale, efficiency, and convenience of the cloud.

The best of both worlds

Advice and answers from the Corellium team.

Support Center

Check out platform status and historical uptime.

Status

Check out the latest releases and updates.

Changelog

Documentation and reference for our platform API.

API Docs

Corellium's on-site appliances use the latest Ampere Altra Arm servers. On-site servers can be airgapped for use in high-security locations.

Corellium Appliances

Corellium's cloud service is hosted at AWS, using Amazon's Graviton Arm servers. Private AWS licenses are also supported.

Corellium Cloud

Solution Flexibility

Everything you need to know about devices and your data.

Frequently asked questions

Virtual devices in their native environment. Unlike other emulators, our virtual devices run on Arm-based servers, so you can test with confidence while still enjoying the convenience of the cloud.

A groundbreaking platform for Arm virtualization

See what others are saying and download our media kit.

Welcome to the Pressroom

Built on what it claims is massive demand for its tool that creates virtual Android and iPhone devices for security testing, it announced a Series A funding round on Thursday at $25 million, led by Paladin Capital Group, with participation from Cisco Investments.

Corellium Scores $25 Million Funding To Build Android And iPhone Cyber Research Juggernaut

Corellium had caused a stir in the security community in 2018 when Forbes revealed its plans to allow researchers to spin up iPhones on their laptops to start probing iOS for security weaknesses or usability flaws.

Apple Drops iPhone Copyright Lawsuit Against Cyber Startup Corellium

Previously, Corellium restricted iOS-based device virtualization to enterprise accounts through its CORSEC platform, with Android tools available to both enterprise and individual users.

Corellium opens iOS device virtualization support to individual accounts

There are some champions trying to make the online world a safer place. Our inaugural Forbes Cybersecurity Awards celebrate their achievements.

Forbes Cybersecurity Awards 2020: Corellium, The Tiny Startup Driving Apple Crazy

Every benevolent hacker dreams of a space replete with software they can manipulate to make it do things it shouldn't. But oftentimes it's neither cheap nor easy to acquire and maintain all that tech, especially when you're trying to break it, risking its very usefulness.

This Super Stealth Startup Has Built An Apple Hacker's Paradise

The latest news, technologies, and resources from our team.

Recent features

"Emulating Androids and iPhones inside a computer turns out to be incredibly useful to anyone testing the security of the devices and to app developers making sure their tools work properly before putting them out into the world."

Cybersecurity Product of the Year 2020

We’ve assembed a small kit of assets, available to download for editorial use. We're also happy to answer additional questions or provide further information, such as a product demo or executive interview.

Press Kit

We’re proud sponsors of the open source projects we work with every day.

Not part of our tech stack obviously, but a great addition to this initiative. Contributing here any way we can is an investment in the future diversity and equality of our teams.

WWCode is a global non-profit organization dedicated to helping women excel in technology careers.

Sponsoring Open Source

Babel underpins our entire frontend stack — we use it to write bleeding-edge ES6 / ES7 and get browser-compatible ES5 JS back. It's crucial to both our development speed and developer experience.

A JavaScript compiler - put in next-gen JavaScript, get browser-compatible JavaScript out.

We use Prettier and ESLint together to create a rigid, shareable editor configuration for our whole team. It ensures that we're all writing and formatting our code in the same way, resulting in much cleaner, scalable and understandable code.

An opinionated code formatter that supports many languages and integrates with most editors.

Storybook allows us to build and test our components in isolation, with great add-ons to help with accessibility, showcasing features and test actions. It's what powers our design system.

An open source tool for developing UI components in isolation for React, Vue, and Angular.

We have a love-hate relationship with ESLint. Our custom 600-line config has made our codebase incredible robust by enforcing the absolute best practices in JS development across the entire team, which is essential in remote work era. But, in order to do this, it tells us what we're doing wrong every key we type. But hey, it makes us better developers in the long run!

Find and fix problems in your JavaScript code.

Webpack powers every modern JS build system. It allows us to create independent components, libraries and assets that connect and work with each other, by building them into a single (or chunked) JS files for browsers.

A static module bundler for modern JavaScript applications.

We use Jest to write component-level tests in our design system, so we can reduce the probability of things unintentionally breaking in new releases.

A delightful JavaScript Testing Framework with a focus on simplicity.

PostCSS allows us to write regular CSS with "enhancements" — utilities and functions that are crucial to creating a scalable design system. It also comes with Autoprefixer, a library that automatically adds browser-specific rules during build time so we don't need to think about it!

A tool for transforming CSS with JavaScript.

Stylelint, in combination with ESLint, maintains and cleans up our design system and styles in general by providing rules and conventions on how to write good CSS.

A mighty, modern linter that helps you avoid errors and enforce conventions in your styles.

SWC is the new compiler for Next.js, replacing Babel and Terser. While we can't support Next.js directly as it's by Vercel, sponsoring the underlying compiler is the next best thing!

A super-fast compiler written in rust; producing widely-supported javascript from modern standards and typescript.

Rollup powers the package build process of our design system. Every time we commit new code, Rollup pulls our components together and builds them into a finalised, importable bundle for consumer apps.

A module bundler for JavaScript which compiles small pieces of code into something larger and more complex, such as a library or application.

Axios is a fantastic little library for making HTTP requests — uploads, downloads, etc. from inside Javascript. Because it's polymorphic (works on the front-end and the back-end), we're using it across all our codebases. It also comes with a great utility for running multiple concurrent requests.

An isomorphic, promise-based HTTP client for Javascript.

Yarn is a brilliant enhancement for the NPM Package Management system. It's much faster and the CLI commands are terser and smarter, meaning we're able to start projects and manage dependencies a lot quicker.

A package manager that doubles down as project manager.

I'm not sure if we've ever met a developer that doesn't use ZSH. It's a framework for your terminal that helps you be more productive with a huge range of helpers, utilities and formatting changes.

A delightful, open source, community-driven framework for managing your Zsh configuration.

The bridge between our ESLint and Prettier configurations and our use of Typescript as a language.

The tooling which powers TypeScript usage with ESLint, and TypeScript usage with Prettier.

Amanda Gorton

Anthony Ricco

Hayden Bleasel

The latest industry news, interviews, technologies, and resources.

Resources and insights

$25M to Accelerate Arm Testing, Research, and Development

Announcing the 2021 COSI Award Winner

Corellium Open Security Initiative

Armv9 and Corellium: Why we chose Arm vs X86

Upcoming Training Opportunities with Corellium

Announcing Support for iOS on Individual Cloud Accounts

How We Ported Linux to the M1

Usage-Based Billing

Mobile Physical Memory Security

Corellium Workshop at Arm DevSummit 2020

Demo

Media Room

Technical Writeups

Workshops

We’re on the lookout for folks to help us deliver stellar experiences across our digital ecosystem. Here are some specific roles we are looking to fill!

Build the future of research, testing and development on Arm

A few things to make your work life and personal life work better together.

Perks, benefits and remuneration

Build the future of Arm research and development

&lt;p&gt;We’re looking for a talented Android Firmware Engineer to help us drive the future of development on Android-based devices. You’ll be part of the team advancing our virtual Android device models, with projects ranging from implementing AOSP peripherals like Wi-Fi and Bluetooth, adding support for new AOSP versions, and helping support AOSP on new virtual IOT models.&lt;/p&gt;
&lt;p&gt;You’ll be successful in this role if you have experience with Android itself — not Android apps. You may have previously ported AOSP, built it, debugged it, or contributed to it, and you may have worked on custom peripherals or drivers. You have extensive knowledge of Android systems, frameworks, HAL, and services, and you’re very well acquainted with Android debugging tools and techniques. You know how to use Git, you’re a native English speaker, you write top-notch quality code, and you’re keen to work on cutting-edge technology.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Requirements:&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Experience with AOSP (or one its derivatives) -- syncing it, building it, debugging it, modifying it, contributing to it&lt;/li&gt;
&lt;li&gt;Deep understanding of Android architecture&lt;/li&gt;
&lt;li&gt;Strong familiarity with Android debugging tools and techniques&lt;/li&gt;
&lt;li&gt;Experience with Java, C++, and C programming language&lt;/li&gt;
&lt;li&gt;Experience with at least one script programming language (shell, python, etc.)&lt;/li&gt;
&lt;li&gt;Experience with software version control and release using Git&lt;/li&gt;
&lt;li&gt;Ability to speak and write natively in English&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;strong&gt;Nice to Have’s:&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Experience with Android audio, Wi-Fi, and Bluetooth framework architecture&lt;/li&gt;
&lt;li&gt;Experience in upgrading Android OS versions&lt;/li&gt;
&lt;li&gt;Experience with the Google Compatibility Test Suite (CTS) certification and issue debugging&lt;/li&gt;
&lt;li&gt;Experience with implementing Android HALs for custom peripherals&lt;/li&gt;
&lt;li&gt;Experience with BSP and Linux device driver development&lt;/li&gt;
&lt;li&gt;Experience with SELinux&lt;/li&gt;
&lt;/ul&gt;

Android Firmware Engineer

Engineering

Remote

&lt;p&gt;We’re on the lookout for a Principal Data Engineer to join the Corellium engineering team. It’s a full-time, remote role, focused on building, developing, and maintaining data processing systems. Specifically, we’re looking for an engineer to coordinate with company executives and other professionals to create unique data infrastructure, to run tests on their designs to isolate errors, and to update systems to accommodate changes in company needs.&lt;/p&gt;
&lt;p&gt;You’ll have opportunities to work on a broad range of things - never a dull moment. There are innovative tools to be developed for all aspects of the company and a variety of other interesting challenges. You’ll have opportunities to work with brilliant engineers, to own components, and to develop subject matter expertise.&lt;/p&gt;
&lt;p&gt;To be successful in this role, you should have an in-depth understanding of data engineering practices as well as expertise with the tools needed to debug and diagnose issues. As a Principal Data Engineer, you will be responsible for architecting and overseeing implementation and management of the entire data infrastructure and systems. These responsibilities also include development and delivery of business intelligence (BI) systems for use by other areas of the business.&lt;/p&gt;
&lt;h2&gt;&lt;strong&gt;Responsibilities&lt;/strong&gt;&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;Assembling large, complex sets of data that meet non-functional and functional business requirements&lt;/li&gt;
&lt;li&gt;Identifying, designing and implementing internal process improvements including re-designing infrastructure for greater scalability, optimizing data delivery, and automating manual processes&lt;/li&gt;
&lt;li&gt;Building required infrastructure for optimal extraction, transformation and loading of data from various data sources using AWS and SQL technologies&lt;/li&gt;
&lt;li&gt;Building analytical tools to utilize the data pipeline, providing actionable insight into key business performance metrics including operational efficiency and customer acquisition&lt;/li&gt;
&lt;li&gt;Working with stakeholders including data, design, product and executive teams and assisting them with data-related technical issues&lt;/li&gt;
&lt;li&gt;Working with stakeholders including the Executive, Product, Marketing, and Design teams to support their data infrastructure needs while assisting with data-related technical issues&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;&lt;strong&gt;Skills and Qualifications&lt;/strong&gt;&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;AWS: S3 Data Lake, Athena, Redshift, EMR, Glue, ECS&lt;/li&gt;
&lt;li&gt;Proficiency with Python in a data engineering context&lt;/li&gt;
&lt;li&gt;Proficiency with SQL&lt;/li&gt;
&lt;li&gt;Proficiency with workflow orchestration concepts&lt;/li&gt;
&lt;li&gt;Adaptable to Windows, Linux, and container-based environments&lt;/li&gt;
&lt;li&gt;Workflow performance, scaling, and optimization&lt;/li&gt;
&lt;li&gt;Security and privacy principals&lt;/li&gt;
&lt;li&gt;Bachelor’s degree in computer science, information technology, or mathematics&lt;/li&gt;
&lt;li&gt;Strong, effective communication and collaboration skills. Capacity to clearly and concisely communicate about complex technical topics, achieve consensus with peers, provide clear status updates&lt;/li&gt;
&lt;li&gt;Must be fluent in English, both written and verbal&lt;/li&gt;
&lt;li&gt;Self-motivated and self-managing, with excellent organizational skills&lt;/li&gt;
&lt;li&gt;Positive, solution-oriented mindset&lt;/li&gt;
&lt;li&gt;Comfort working in a fast-paced, agile, iterative software development process&lt;/li&gt;
&lt;li&gt;Ability to thrive in a remote organization and in a startup environment&lt;/li&gt;
&lt;li&gt;Work hours must overlap with US timezones&lt;/li&gt;
&lt;/ul&gt;

Principal Data Engineer

&lt;p&gt;Corellium is seeking an experienced Product Manager with an extensive background in the IoT space. This role will focus on driving deep awareness and understanding of both our users and the market landscape to inform both our product roadmap and our go-to-market strategies. In this role, you&#39;ll work to contribute to our product strategy and roadmap (Product), as well as interfacing cross-department on things like our go-to-market strategy and content (Marketing) and implementation (Engineering).&lt;/p&gt;
&lt;p&gt;It&#39;s incredibly important to us that the software we build empowers our customers to achieve their goals. We need your help to understand what our customers need and want, what frustrates them, and how we can deliver value above and beyond their expectations. You will become our resident expert on our customers and our target market segments within the IoT space. You’ll perform extensive market research, competitive research, and customer research, ranging from one-on-one customer interviews to analysis of customer feedback. Your decisions will be informed by strong qualitative and quantitative evidence in order to inform the product roadmap. You&#39;ll also be involved in more day-to-day Product related tasks, like helping groom our feedback and feature backlog.&lt;/p&gt;
&lt;p&gt;You&#39;ll succeed in this role if you have deep knowledge of the IoT landscape and extensive experience with software product management in the B2B space. You should be meticulous and detail-oriented and have strong collaboration and communication skills. While an engineering background isn&#39;t necessarily required, it&#39;s important that you have a solid background in enterprise testing technologies so that you can understand the product itself, our market, and the ecosystem.&lt;/p&gt;
&lt;h2&gt;Responsibilities&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;Product, market, and user research, such as customer interviews, in-app customer feedback, and product analytics.&lt;/li&gt;
&lt;li&gt;Work with cross-functional teams on the entire product lifecycle, from early technical feedback to public launch and widespread adoption.&amp;nbsp;&lt;/li&gt;
&lt;li&gt;Collaborate with R&amp;amp;D and partner teams to understand unique product fit into succinct developer benefits and narratives.&lt;/li&gt;
&lt;li&gt;Provide product roadmap input and guidance to R&amp;amp;D and Product Design teams. Using insights from your product and market research, identify high-value ways to improve the product, and identify opportunities that aren&#39;t worth investing time in.&lt;/li&gt;
&lt;li&gt;Document thoughtful user stories for new features, carefully articulating requirements based on user insights. Communicate and document any likely implementation challenges for a particular feature or solution.&lt;/li&gt;
&lt;li&gt;Drive the creation of key assets across all relevant developer and security community channels, including content and collateral, video production, blogs and coordination across social and press.&lt;/li&gt;
&lt;li&gt;Understand market dynamics and competitive offerings.&lt;/li&gt;
&lt;li&gt;Market research and competitive analysis.&lt;/li&gt;
&lt;li&gt;Support Sales with technical training and customer product demos.&lt;/li&gt;
&lt;li&gt;Work with customer councils and external security community contributors.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Requirements&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;2-5 years of experience in Product Marketing or Product Management roles.&lt;/li&gt;
&lt;li&gt;Experience leading cross-functional projects and communicating with stakeholders.&lt;/li&gt;
&lt;li&gt;Experience working with customers and prospects particularly in understanding their IoT development and testing needs.&lt;/li&gt;
&lt;li&gt;Experience with IOT development and relevant tools; knowledge of the IoT ecosystem.&lt;/li&gt;
&lt;li&gt;Bachelor&#39;s degree preferred.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Location&lt;/h2&gt;
&lt;p&gt;While this is a fully remote role, you must be based in a United States time zone to work effectively with the team’s hours. Expected travel under 5%.&lt;/p&gt;

Product Manager, IoT

Design and Product

&lt;p&gt;Corellium is seeking an experienced Product Manager with an extensive background in the Mobile Security Research space. This role will focus on driving deep awareness and understanding of both our users and the market landscape to inform both our product roadmap and our go-to-market strategies. In this role, you&#39;ll work to contribute to our product strategy and roadmap (Product), as well as interfacing cross-department on things like our go-to-market strategy and content (Marketing) and implementation (Engineering).&lt;/p&gt;
&lt;p&gt;It&#39;s incredibly important to us that the software we build empowers our customers to achieve their goals. We need your help to understand what our customers need and want, what frustrates them, and how we can deliver value above and beyond their expectations. You will become our resident expert on our customers and our target market segments within the Mobile Security Research space. You’ll perform extensive market research, competitive research, and customer research, ranging from one-on-one customer interviews to analysis of customer feedback. Your decisions will be informed by strong qualitative and quantitative evidence in order to inform the product roadmap. You&#39;ll also be involved in more day-to-day Product related tasks, like helping groom our feedback and feature backlog.&lt;/p&gt;
&lt;p&gt;You&#39;ll succeed in this role if you have deep knowledge of the Mobile Security Research landscape and extensive experience with software product management in the B2B space. You should be meticulous and detail-oriented and have strong collaboration and communication skills. While an engineering background isn&#39;t necessarily required, it&#39;s important that you have a solid background in enterprise testing technologies so that you can understand the product itself, our market, and the ecosystem.&lt;/p&gt;
&lt;h2&gt;Responsibilities&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;Product, market, and user research, such as customer interviews, in-app customer feedback, and product analytics.&lt;/li&gt;
&lt;li&gt;Work with cross-functional teams on the entire product lifecycle, from early technical feedback to public launch and widespread adoption.&amp;nbsp;&lt;/li&gt;
&lt;li&gt;Collaborate with R&amp;amp;D and partner teams to understand unique product fit into succinct developer benefits and narratives.&lt;/li&gt;
&lt;li&gt;Provide product roadmap input and guidance to R&amp;amp;D and Product Design teams. Using insights from your product and market research, identify high-value ways to improve the product, and identify opportunities that aren&#39;t worth investing time in.&lt;/li&gt;
&lt;li&gt;Document thoughtful user stories for new features, carefully articulating requirements based on user insights. Communicate and document any likely implementation challenges for a particular feature or solution.&lt;/li&gt;
&lt;li&gt;Drive the creation of key assets across all relevant developer and security community channels, including content and collateral, video production, blogs and coordination across social and press.&lt;/li&gt;
&lt;li&gt;Understand market dynamics and competitive offerings.&lt;/li&gt;
&lt;li&gt;Market research and competitive analysis.&lt;/li&gt;
&lt;li&gt;Support Sales with technical training and customer product demos.&lt;/li&gt;
&lt;li&gt;Work with customer councils and external security community contributors.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Requirements&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;2-5 years of experience in Product Marketing or Product Management roles.&lt;/li&gt;
&lt;li&gt;Experience leading cross-functional projects and communicating with stakeholders.&lt;/li&gt;
&lt;li&gt;Experience working with customers and prospects particularly in understanding their Mobile Security Research development and testing needs.&lt;/li&gt;
&lt;li&gt;Experience with Mobile Security Research development and relevant tools; knowledge of the Mobile Security Research ecosystem.&lt;/li&gt;
&lt;li&gt;Bachelor&#39;s degree preferred.&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Location&lt;/h2&gt;
&lt;p&gt;While this is a fully remote role, you must be based in a United States time zone to work effectively with the team’s hours. Expected travel under 5%.&lt;/p&gt;

Product Manager, Mobile Security Research

&lt;p&gt;Corellium has product security pedigree, but you’ll be our first dedicated security hire. We’re a nimble company, open to change. You’ll play an outsize role in helping us shape our product security initiative, and have an opportunity to make a significant impact on our business.&lt;/p&gt;
&lt;p&gt;We don’t expect you to know everything, but the ideal candidate will be an expert in at least two of:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Cloud / AWS security&lt;/li&gt;
&lt;li&gt;Operating system security&lt;/li&gt;
&lt;li&gt;Hypervisor security&lt;/li&gt;
&lt;li&gt;Web application security&lt;/li&gt;
&lt;li&gt;Web application backend security&lt;/li&gt;
&lt;li&gt;Native code application security&lt;/li&gt;
&lt;li&gt;Protecting customer data and privacy&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Most importantly, the ideal candidate is willing to learn as much as they can about other areas.&lt;/p&gt;
&lt;p&gt;Responsibilities could include:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Identifying and auditing attack surfaces&lt;/li&gt;
&lt;li&gt;Creating threat models and risk assessments for existing and new features&lt;/li&gt;
&lt;li&gt;Helping us provide excellent customer data protection and privacy&lt;/li&gt;
&lt;li&gt;Hardening services, by securing configurations, improving architecture by applying the principle of least privilege, and so on&lt;/li&gt;
&lt;li&gt;Product patch management&lt;/li&gt;
&lt;li&gt;Monitoring for malicious usage&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;As a fully remote team, we rely on a lot of tools to make asynchronous work efficient. At the moment, we’re using Slack, Zoom, Jira, and Notion.&lt;/p&gt;
&lt;p&gt;Most of our team works United States business hours, so we have a preference for candidates in those time zones. However, if you’re somewhere else and you’re a great communicator and asynchronous worker, please don’t be shy!&lt;/p&gt;

Product Security Engineer

&lt;p&gt;We’re on the lookout for Senior Backend Engineers to join the Corellium engineering team. It’s a full-time, remote role, focused on developing and improving the products that are the cornerstone of our business. Specifically, we’re looking for engineers who craft their code with careful attention to detail, who enjoy taking on new challenges, and who continually seek to improve their skills.&lt;/p&gt;
&lt;p&gt;You’ll have opportunities to work on a broad range of things - never a dull moment. There are innovative tools to be developed for application testers and security researchers; backend services that must be robust, maintainable, and scalable; deep dives into mobile operating systems and applications; and a variety of other interesting challenges. You’ll have opportunities to work with brilliant engineers, to own components, and to develop subject matter expertise.&lt;/p&gt;
&lt;p&gt;To be successful in this role, you should be a highly proficient Node.JS programmer with very strong fundamentals, and you should know how to use Git. We also work with a wide variety of other tools and services, including Docker, OVN and OVS, WebRTC, Amazon Web Services, nginx, and haproxy.&lt;/p&gt;
&lt;h2&gt;Responsibilities&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;Develop features and improvements to our product in a secure, well-tested, and performant way, with minimal guidance and support from other team members&lt;/li&gt;
&lt;li&gt;Collaborate with product, frontend, and other stakeholders within the engineering team to deliver high-quality code in a fast-paced, agile environment&lt;/li&gt;
&lt;li&gt;Identify and advocate for improvements to both product quality and team efficiency&lt;/li&gt;
&lt;li&gt;Solve technical problems&lt;/li&gt;
&lt;li&gt;Craft maintainable, high-quality code and conduct code reviews&lt;/li&gt;
&lt;li&gt;Contribute to APIs&lt;/li&gt;
&lt;li&gt;Participate in on-call rotations to assist in troubleshooting product operations and urgent engineering issues&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Skills and Qualifications&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;Solid fundamentals in basic programming skills, networking basics&lt;/li&gt;
&lt;li&gt;Highly proficient with Node.js (at least 5 years experience with Node)&lt;/li&gt;
&lt;li&gt;Proficient with Git and Git workflows&lt;/li&gt;
&lt;li&gt;Bachelor’s degree in computer science, information technology, or mathematics&lt;/li&gt;
&lt;li&gt;Experience in some or all of the following areas is preferable, but not required: network architecture, database architecture, security architecture, automation tools, monitoring tools, CI/CD&lt;/li&gt;
&lt;li&gt;Strong, effective communication and collaboration skills. Capacity to clearly and concisely communicate about complex technical topics, achieve consensus with peers, provide clear status updates&lt;/li&gt;
&lt;li&gt;Must be fluent in English, both written and verbal&lt;/li&gt;
&lt;li&gt;Self-motivated and self-managing, with excellent organizational skills&lt;/li&gt;
&lt;li&gt;Experience diagnosing and preventing performance and optimization problems&lt;/li&gt;
&lt;li&gt;Positive, solution-oriented mindset&lt;/li&gt;
&lt;li&gt;Comfort working in a fast-paced, agile, iterative software development process&lt;/li&gt;
&lt;li&gt;Ability to thrive in a remote organization and in a startup environment&lt;/li&gt;
&lt;li&gt;Work hours must overlap with US timezones&lt;/li&gt;
&lt;/ul&gt;

Senior Backend Engineer

&lt;p&gt;We’re on the lookout for a Senior Product (UI / UX) Designer to join the Corellium Design Team, where we focus on the strategy and execution of our brand, product, and community across the company and beyond. It’s a full-time, remote role dedicated to delivering stellar experiences for our website and product, as well as a range of upcoming projects.&lt;/p&gt;
&lt;p&gt;Specifically, we’re looking for someone who is obsessed with designing thoughtful, beautiful, and scalable experiences for our users. We appreciate people who love solving challenging problems, expanding their knowledge, and creating best-in-class solutions.&lt;/p&gt;
&lt;h2&gt;Requirements&lt;/h2&gt;
&lt;p&gt;We&#39;re looking for someone who enjoys creating experiences our customers love by collaborating closely with our other teams, specifically Engineering, Marketing and Product, to take ideas from concept to launch to growth.&lt;/p&gt;
&lt;p&gt;A great candidate would have a lean, iterative approach to design - one centered around empathy, constant learning, and ideation. It would consist of end-to-end visual design, prototyping, testing, and measuring success of products and design systems.&lt;/p&gt;
&lt;p&gt;We&#39;re looking for a designer who enjoys collaborating with others on the end-to-end design process, working with and fostering a tight-knit, collaborative, and diverse product-design environment.&lt;/p&gt;
&lt;h2&gt;What you&#39;ll be working on&lt;/h2&gt;
&lt;p&gt;We&#39;re currently working on a new design system, followed by a refresh of the website and product front-end, all from the ground-up on the latest tech and design principles. Following this, we’re looking to build out all these experiences so they&#39;re world-class, push the product front-end with new features and user research, as well as create new apps and microsites. Essentially, you&#39;ll be working on all of this with our Head of Design, spanning many disciplinary areas such as product design, UI / UX design, wireframing, prototyping and more.&lt;/p&gt;
&lt;p&gt;If you&#39;re after some specifics:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Grow, maintain and improve our design system&lt;/li&gt;
&lt;li&gt;Document our design principles and ensure they&#39;re being used correctly&lt;/li&gt;
&lt;li&gt;Work closely with the frontend team on execution and QA&lt;/li&gt;
&lt;li&gt;Design new features for the product, pages for the website and totally new initiatives&lt;/li&gt;
&lt;li&gt;Create and collaborate on flows and prototypes with the wider team&lt;/li&gt;
&lt;li&gt;Iterate on our existing design work to improve user experience and metrics&lt;/li&gt;
&lt;li&gt;Help influence a culture of high-quality aesthetics and design thinking across the company&lt;/li&gt;
&lt;li&gt;Help with establishing the culture of the product team&lt;/li&gt;
&lt;/ul&gt;
&lt;h2&gt;Who you&#39;ll work with&lt;/h2&gt;
&lt;p&gt;You&#39;ll primarily be working with our Head of Design on exploring and crafting new designs, as well as with the frontend development team for execution.&lt;/p&gt;
&lt;h2&gt;What tools you&#39;ll use&lt;/h2&gt;
&lt;p&gt;Our design tool of choice for anything is typically Figma - it’s brilliant at handling the wireframing, ideating, designing and collaboration aspects of my process. Plus, since FigJam came out, it’s been handy for brainstorming and workshops too!&lt;/p&gt;
&lt;p&gt;However, we&#39;re keen to go beyond this. Bring your own tools of choice like Framer, Principle, After Effects and more.&lt;/p&gt;
&lt;h2&gt;Location&lt;/h2&gt;
&lt;p&gt;While this is a fully remote role, we’re&amp;nbsp;&lt;em&gt;preferably&lt;/em&gt; after someone within Australia or United States working hours to work effectively with the design team’s hours (this of course means you’ll need permanent work rights your country of origin).&lt;/p&gt;

Senior Product Designer

Today’s developers and security teams struggle to efficiently and adequately test their mobile and IoT devices and apps. Here’s how we compare.

See how we stack up

Yes, cumbersome maintaining devices, images, version control, etc.

Yes, true Arm type-1 hypervisor for high performance and model and behavior accuracy.

x86 emulation is slow and lacks model and behavior accuracy.