Mobile Application Penetration Tester (iOS & Android)

Jobgether

  • India
  • Permanent
  • Full-time
  • 8 days ago

This position is posted by Jobgether on behalf of Zimperium. We are currently looking for a Mobile Application Penetration Tester (iOS & Android) in India.

This role offers the opportunity to join a high-impact cybersecurity environment where your expertise will directly protect mobile users and enterprises against next-generation threats. You will work on advanced security assessments of iOS and Android applications, applying cutting-edge methodologies to uncover vulnerabilities and strengthen overall resilience. The position demands hands-on penetration testing skills, deep technical knowledge, and creativity to simulate real-world adversarial attacks. Collaborating closely with development and security teams, you will contribute to building safer mobile ecosystems while staying ahead of evolving attack vectors. This is a challenging, dynamic position for professionals passionate about mobile security and advanced exploitation techniques.

Accountabilities
As a Mobile Application Penetration Tester, you will:
  • Conduct end-to-end penetration testing of iOS and Android apps, including static, dynamic, and runtime analysis.
  • Evaluate mobile API integrations, authentication, encryption, and data storage mechanisms.
  • Identify and exploit critical vulnerabilities such as insecure storage, weak cryptography, jailbreak/root bypasses, insecure code, and logic flaws.
  • Utilize runtime instrumentation frameworks (Frida, Objection, Xposed) for advanced dynamic testing.
  • Perform certificate pinning bypass, hooking, and traffic interception with advanced proxy techniques.
  • Assess and attempt evasion of app protections (root/jailbreak detection, code obfuscation, anti-debugging, tamper protection).
  • Develop custom scripts and exploits in Python, Java, Swift, Kotlin, or C++ to simulate advanced attacks.
  • Produce detailed penetration test reports with risk ratings, PoCs, and actionable remediation guidance.
  • Support Red Team exercises by simulating adversarial mobile endpoint attacks.
  • Collaborate with development and security stakeholders to integrate secure coding and SDLC practices.
Requirements
The ideal candidate brings strong technical expertise, problem-solving ability, and a hacker mindset.
  • 5+ years in penetration testing, with at least 3 years focused on iOS and Android apps.
  • Solid knowledge of OWASP Mobile Top 10 and NIST guidelines.
  • Expertise with tools for static & reverse engineering (Apktool, JADX, Ghidra, Hopper, IDA Pro, Radare2, JD-GUI).
  • Advanced experience in runtime/dynamic testing using Frida, Objection, Cycript, LLDB, and Xposed.
  • Familiarity with automation frameworks (MobSF, Drozer, Appium) and proxy tools (Burp Suite Pro, OWASP ZAP, MITM tools).
  • Strong understanding of Android and iOS security internals, including sandboxing, Keychain, Secure Enclave, and OS models.
  • Hands-on use of jailbroken and rooted devices for advanced exploitation.
  • Knowledge of cryptography, TLS, cert pinning, and secure storage.
  • Ability to think creatively like an attacker, going beyond automated findings.
  • Preferred certifications: OSCP, OSEP, OSED, OSWE, OSMR, EWPTX, EWAPT, CRTP, CRTE (others like CEH or CAP are considered a plus).
Benefits
  • Competitive salary aligned with expertise and experience.
  • Remote-first flexibility with a focus on work-life balance.
  • Opportunity to work with leading-edge mobile security technologies.
  • Professional growth through advanced projects and Red Team exercises.
  • Access to certifications, training, and career development programs.
  • Inclusive and collaborative environment promoting innovation.
  • Health and wellness benefits package.
Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching.

When you apply, your profile goes through our AI-powered screening process designed to identify top talent efficiently and fairly.
🔍 Our AI evaluates your CV and LinkedIn profile thoroughly, analyzing your skills, experience, and achievements.
📊 It compares your profile to the job’s core requirements and past success factors to determine your match score.
🎯 Based on this analysis, we automatically shortlist the 3 candidates with the highest match to the role.
🧠 When necessary, our human team may perform an additional manual review to ensure no strong profile is missed.

The process is transparent, skills-based, and free of bias — focusing solely on your fit for the role. Once the shortlist is completed, we share it directly with the company that owns the job opening. The final decision and next steps (such as interviews or additional assessments) are then made by their internal hiring team.

Thank you for your interest!
