Principal Accountabilities and Responsibilities:
- Perform highly technical and analytical security assessments, including manual penetration testing, of custom mobile applications, web services, and APIs.
- Conduct thorough security assessments of underlying infrastructure and networks, demonstrating a wide understanding of their security implications.
- Clearly and professionally document the root cause and risk analysis of all identified findings, ensuring comprehensive and actionable reports.
- Adhere strictly to the established security testing process, actively identifying and raising any gaps or opportunities for improvement with management.
- Work closely with DevOps teams to ensure that security testing requirements are met throughout the development lifecycle and assist in automating repetitive security tasks where possible.
- Develop a deep understanding of business functionality to apply appropriate testing methodologies tailored to specific technologies and associated risks.
- Demonstrate complex proof-of-concept exploits of vulnerabilities when required, illustrating potential impact and attack vectors.
- Assist with the coordination of security testing projects according to a structured process, including the preparation of detailed test plans, comprehensive test cases, and professional test reports.
- Provide expert advice on vulnerability remediation strategies, control implementation, and secure development practices to development and engineering teams.

Qualifications:
- 5+ years of dedicated experience in penetration testing, security assessments, or red teaming.
- Proven expertise in manually identifying and exploiting vulnerabilities in mobile applications (iOS / Android), web applications, web services, and APIs.
- Strong understanding of network protocols, operating systems (Linux, Windows), and common infrastructure components.
- Proficiency with various penetration testing tools (e.g., Burp Suite, Metasploit, Nmap, OWASP ZAP, Frida, MobSF).
- Solid understanding of common security frameworks and standards (e.g., OWASP Top 10, SANS Top 25, NIST).
- Ability to clearly articulate technical vulnerabilities and their business impact to both technical and non-technical audiences.
- Experience with scripting languages (e.g., Python, Bash, PowerShell) for automation and exploit development.
- Excellent analytical and problem-solving skills with meticulous attention to detail.
- Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams.

Qualifications (Nice to Have):
- Relevant industry certifications (e.g., OSCP, OSWE, OSCE, eCPPT, GPEN, GWAPT, GMOB).
- Experience with cloud security assessments (AWS, Azure, GCP).
- Familiarity with CI/CD pipelines and integrating security testing into DevOps workflows.
- Experience with source code review for security vulnerabilities.
- Knowledge of secure coding principles and best practices.

(ref: hirist.tech)