Iranian company dealing only with Iranian entities
1382
HiWEB
Privately held
Company score
3.4
HiWEB, is a FCP company which has MVNO Licensing .
DADEH GOSTAR e ASR e NOVIN (DGA Novin) has been active as one of Private Access Provider (PAP) companies since 2003. The company was privatized in 2009 and introduced the brand “HiWEB” to the telecommunication market. Operated under this brand, the company was able to quickly grow in the competitive market of data and internet access services to the extent that it was chosen as one of the top companies by the Communication Regulatory Authority (CRA) on late March, 2015 for providing services in more than 450 cities throughout Iran.
Mobile Application Penetration Testing: Perform security assessments on mobile applications (iOS, Android, and hybrid apps) to identify vulnerabilities such as insecure data storage, improper cryptography, unauthorized access, and other common mobile security issues.
Vulnerability Assessment: Use a variety of penetration testing techniques, tools, and manual testing methods to identify potential security weaknesses in mobile applications, operating systems, and mobile device configurations.
Exploit Vulnerabilities: Simulate attacks on mobile applications and systems to exploit identified vulnerabilities, and evaluate the effectiveness of current security controls and countermeasures.
Code Review & Static Analysis: Review source code, APIs, and web services for security flaws and conduct static code analysis to detect potential vulnerabilities in mobile application code.
Security Research & Trend Analysis: Stay up-to-date with the latest mobile security threats, vulnerabilities, and exploitation techniques. Research new attack vectors and emerging security risks in the mobile app ecosystem.
Security Documentation & Reporting: Produce clear, detailed, and accurate penetration test reports that include findings, risk assessments, exploitation details, and recommended remediation strategies. Communicate results to technical and non-technical stakeholders.
Security Tool Development & Customization: Develop or customize security testing tools for mobile penetration testing, if required, and contribute to toolset improvement.
Collaboration with Development Teams: Work closely with software development teams to identify vulnerabilities during the development lifecycle, and provide guidance on secure coding practices and mobile application security.
Compliance & Risk Management: Ensure mobile applications meet industry security standards and regulations (such as OWASP Mobile Top 10, GDPR, HIPAA) and assist in preparing for third-party audits or compliance assessments.
Required Skills & Qualifications:
Experience & Technical Expertise:
Proven experience (2-5 years) in mobile penetration testing or application security.
Deep understanding of mobile security concepts, including common attack vectors, secure coding practices, and risk assessment methodologies.
Hands-on experience with penetration testing tools such as Burp Suite, OWASP ZAP, Drozer, Frida, and others.
Familiarity with both iOS and Android operating systems, mobile app development frameworks, and security mechanisms (e.g., jailbreaking, rooting).
Experience with reverse engineering mobile applications and understanding of Android APK and iOS IPA file structures.
Understanding of mobile application security best practices, including OAuth, SSL/TLS, encryption techniques, and data protection.
Security Certifications (preferred):
Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or similar penetration testing certifications.
Mobile Application Security Testing certifications such as Offensive Security Mobile Security Professional (OSMSP) or EC-Council's Mobile Application Security Specialist (MASS).
Programming & Scripting Skills:
Proficiency in languages such as Python, Java, Swift, and Objective-C for scripting and automation.
Experience with reverse engineering tools like Ghidra, IDA Pro, or Radare2.
Analytical & Problem-Solving Skills:
Strong analytical skills to assess security risks and exploit vulnerabilities within complex mobile applications.
Ability to think creatively and independently when identifying attack vectors and designing exploit scenarios.
Communication & Documentation Skills:
Excellent written and verbal communication skills for delivering concise and actionable security reports.
Ability to present technical findings in a way that is accessible to both technical and non-technical stakeholders.
Job Requirements
Age
25 - 30 Years Old
Gender
Men / Women
ثبت مشکل و تخلف آگهی
ارسال رزومه برای هلدینگ های وب
برای دیدن سوابق ارسال رزومه، لطفا وارد حساب کاربری خود شوید.