Security Penetration Tester (Mobile)

At blubank, we are seeking talented, dynamic, and enthusiastic individuals as a Security Penetration Tester to join our friendly and professional team. If you’re looking for a workplace where you can grow and continuously learn, this opportunity is for you!

Responsibilities:

• Conduct comprehensive penetration testing of mobile applications, devices, and APIs to identify vulnerabilities and risks.
• Perform static (SAST) and dynamic (DAST) analysis of mobile applications.
• Exploit identified vulnerabilities to determine potential impacts and validate remediation.
• Risk Mitigation & Consulting:
• Provide expert guidance to developers and security teams to remediate identified vulnerabilities.
• Assist in defining security controls for mobile application development and deployment.
• Tooling & Innovation:
• Develop or customize tools/scripts for testing and exploit purposes
• Stay updated on emerging threats, vulnerabilities, and security technologies specific to mobile ecosystems
• Compliance and Standards:
• Ensure alignment with industry standards such as OWASP Mobile Security Testing Guide (MSTG), GDPR, PCI-DSS, or other relevant frameworks.
• Support compliance audits by providing evidence of testing and mitigations.
• Reporting & Documentation:
• Document findings in detailed technical reports, including vulnerability descriptions, risk levels, and remediation recommendations.
• Present assessment results to technical and non-technical stakeholders in clear and actionable formats.
• Collaborate with software development teams to address vulnerabilities during the development lifecycle.
• Engage with external auditors and clients to explain testing methodologies and findings when required.

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Relevant certifications (e.g., OSCP, CEH, GPEN, GWAPT, or CISSP).
• 2-5 years of experience in web application penetration testing, vulnerability assessment, or a related field.
• Proven experience with tools such as Burp Suite, OWASP ZAP, Metasploit, and Ness
• Strong knowledge of mobile operating systems (iOS, Andr oid) and their security models.
• Proficiency in mobile app testing tools (e.g., Burp Suite, OWASP ZAP, MobSF, Frida, or JADX).
• Familiarity with reverse engineering and decompilation tools.
• Experience with secure coding practices and understanding of cryptography principles
• Familiarity with programming languages (Java or JS).
• Strong analytical and problem-solving abilities.
• Excellent written and verbal communication skills for technical and non-technical audiences.
• Ability to prioritize and manage multiple projects under tight deadlines.

Benefits:

• Work from home option
• Flexible working hours
• Training courses and professional development opportunities
• Military service project (Limited)
• Supplemental health insurance
• Team-building budget
• Performance-based bonuses
• Loans
• Lunch subsidies