Security Penetration Tester (Mobile)

At blubank, we are seeking talented, dynamic, and enthusiastic individuals as a Security Penetration Tester to join our friendly and professional team. If you’re looking for a workplace where you can grow and continuously learn, this opportunity is for you!

Responsibilities:

• Conduct comprehensive penetration testing of mobile applications, devices, and APIs to identify vulnerabilities and risks.

• Perform static (SAST) and dynamic (DAST) analysis of mobile applications.

• Exploit identified vulnerabilities to determine potential impacts and validate remediation.

• Risk Mitigation & Consulting:

• Provide expert guidance to developers and security teams to remediate identified vulnerabilities.

• Assist in defining security controls for mobile application development and deployment.

• Tooling & Innovation:

• Develop or customize tools/scripts for testing and exploit purposes

• Stay updated on emerging threats, vulnerabilities, and security technologies specific to mobile ecosystems

• Compliance and Standards:

• Ensure alignment with industry standards such as OWASP Mobile Security Testing Guide (MSTG), GDPR, PCI-DSS, or other relevant frameworks.

• Support compliance audits by providing evidence of testing and mitigations.

• Reporting & Documentation:

• Document findings in detailed technical reports, including vulnerability descriptions, risk levels, and remediation recommendations.

• Present assessment results to technical and non-technical stakeholders in clear and actionable formats.

• Collaborate with software development teams to address vulnerabilities during the development lifecycle.

• Engage with external auditors and clients to explain testing methodologies and findings when required.

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field.

• Relevant certifications (e.g., OSCP, CEH, GPEN, GWAPT, or CISSP).

• 2-5 years of experience in web application penetration testing, vulnerability assessment, or a related field.

• Proven experience with tools such as Burp Suite, OWASP ZAP, Metasploit, and Ness

• Strong knowledge of mobile operating systems (iOS, Andr oid) and their security models.

• Proficiency in mobile app testing tools (e.g., Burp Suite, OWASP ZAP, MobSF, Frida, or JADX).

• Familiarity with reverse engineering and decompilation tools.

• Experience with secure coding practices and understanding of cryptography principles

• Familiarity with programming languages (Java or JS).

• Strong analytical and problem-solving abilities.

• Excellent written and verbal communication skills for technical and non-technical audiences.

• Ability to prioritize and manage multiple projects under tight deadlines

Benefits:

• Work from home option

• Flexible working hours

• Training courses and professional development opportunities

• Military service project (Limited)

• Supplemental health insurance

• Team-building budget

• Performance-based bonuses

• Loans

• Lunch subsidies