Mobile Penetration Tester

Overview

Remote
$100,000 - $110,000
Full Time

Skills

Penetration Testing
OWASP
Mobile
MobSF
API

Job Details

  • Mobile App Pentesting: 3+ years of hands-on experience testing Android and iOS applications in enterprise environments. Strong familiarity with OWASP MASVS/MASTG, including mapping test cases to MASVS levels and documenting coverage.
  • Proficient in performing static/dynamic analysis using tools like MobSF, JADX, Hopper, Ghidra, ClassyShark, Frida, Objection, and Xposed to review APK/IPA files and manipulate runtime behavior.
  • Experience bypassing root/jailbreak detection, debugger checks, and anti-tampering mechanisms; skilled at identifying and exploiting mobile app vulnerabilities related to insecure data storage, communication, authentication/session management, platform usage, and code injection/runtime manipulation.
  • Familiarity with mobile device management (MDM) and platform-specific security features such as Android Keystore, iOS Keychain, App Transport Security (ATS), and biometric authentication.
  • Proficient in SSL/TLS interception and bypass techniques, including certificate pinning bypass using tools like mitmproxy, Charles Proxy, and custom scripts.
  • Web & API Penetration Testing: 2+ years of hands-on experience with modern web apps and APIs. Deep understanding of OWASP Top 10, API Security Top 10, and SANS Top 25 vulnerabilities.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.