HiWEB Holding

Mobile Penetration Tester

Tehran / Ozgol
Full Time
Saturday to Wednesday
1001 - 5000 employees
Internet Provider / E-commerce / Online Services
Iranian company dealing only with Iranian entities
1382
HiWEB
Privately held

Key Requirements

2 years experience in similar position

Job Description

Key Responsibilities:

  • Mobile Application Penetration Testing:
    Perform security assessments on mobile applications (iOS, Android, and hybrid apps) to identify vulnerabilities such as insecure data storage, improper cryptography, unauthorized access, and other common mobile security issues.
  • Vulnerability Assessment:
    Use a variety of penetration testing techniques, tools, and manual testing methods to identify potential security weaknesses in mobile applications, operating systems, and mobile device configurations.
  • Exploit Vulnerabilities:
    Simulate attacks on mobile applications and systems to exploit identified vulnerabilities, and evaluate the effectiveness of current security controls and countermeasures.
  • Code Review & Static Analysis:
    Review source code, APIs, and web services for security flaws and conduct static code analysis to detect potential vulnerabilities in mobile application code.
  • Security Research & Trend Analysis:
    Stay up-to-date with the latest mobile security threats, vulnerabilities, and exploitation techniques. Research new attack vectors and emerging security risks in the mobile app ecosystem.
  • Security Documentation & Reporting:
    Produce clear, detailed, and accurate penetration test reports that include findings, risk assessments, exploitation details, and recommended remediation strategies. Communicate results to technical and non-technical stakeholders.
  • Security Tool Development & Customization:
    Develop or customize security testing tools for mobile penetration testing, if required, and contribute to toolset improvement.
  • Collaboration with Development Teams:
    Work closely with software development teams to identify vulnerabilities during the development lifecycle, and provide guidance on secure coding practices and mobile application security.
  • Compliance & Risk Management:
    Ensure mobile applications meet industry security standards and regulations (such as OWASP Mobile Top 10, GDPR, HIPAA) and assist in preparing for third-party audits or compliance assessments.

Required Skills & Qualifications:

    • Experience & Technical Expertise:
      • Proven experience (2-5 years) in mobile penetration testing or application security.
      • Deep understanding of mobile security concepts, including common attack vectors, secure coding practices, and risk assessment methodologies.
      • Hands-on experience with penetration testing tools such as Burp Suite, OWASP ZAP, Drozer, Frida, and others.
      • Familiarity with both iOS and Android operating systems, mobile app development frameworks, and security mechanisms (e.g., jailbreaking, rooting).
      • Experience with reverse engineering mobile applications and understanding of Android APK and iOS IPA file structures.
      • Understanding of mobile application security best practices, including OAuth, SSL/TLS, encryption techniques, and data protection.
    • Security Certifications (preferred):
      • Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or similar penetration testing certifications.
      • Mobile Application Security Testing certifications such as Offensive Security Mobile Security Professional (OSMSP) or EC-Council's Mobile Application Security Specialist (MASS).
    • Programming & Scripting Skills:
      • Proficiency in languages such as Python, Java, Swift, and Objective-C for scripting and automation.
      • Experience with reverse engineering tools like Ghidra, IDA Pro, or Radare2.
    • Analytical & Problem-Solving Skills:
      • Strong analytical skills to assess security risks and exploit vulnerabilities within complex mobile applications.
      • Ability to think creatively and independently when identifying attack vectors and designing exploit scenarios.
    • Communication & Documentation Skills:
      • Excellent written and verbal communication skills for delivering concise and actionable security reports.
      • Ability to present technical findings in a way that is accessible to both technical and non-technical stakeholders.

Job Requirements

Age
25 - 30 Years Old
Gender
Men / Women
