Core Responsibilities & Technical Requirements
- Strong hands-on experience performing compliance testing of mobile applications that meet certain Technology Security Standards and regulatory/industry requirements, e.g. MAS TRM, OWASP MSTG.
- In-depth knowledge of iOS/Android architecture, including their underlying security mechanisms.
- Experienced with performing secure code review of Swift, Kotlin, Objective-C and Java applications.
- Proficient with various reverse engineering tools such as IDA Pro and Ghidra, as well as the Frida.re hooking framework or equivalent.
- Knowledge of ARM architectures (armeabi-v7a, arm64-v8a, etc.) is an advantage.
- Experience analyzing and bypassing various security mechanisms commonly present in mobile applications (SSL pinning, root/jailbreak detection, anti-tampering, in-app VPN, etc.).
- Ability to develop Burp extensions to aid with mobile and web application tests.
- Solid experience conducting Web Application Penetration tests following industry-standard methodologies.
- Ability to conduct comprehensive source code reviews across multiple languages (mobile, web, backend).
- Web & Infrastructure Security Testing
Qualifications & Skills
- Bachelor's degree in Computer Science, Information Security, or related discipline.
- Minimum 2 years of hands-on penetration testing or relevant offensive security experience.
- CREST CRT certification mandatory.
- Additional certifications such as OSCP, OSCE, OSEE, OSWE, Red Teaming, Cloud Security, Artificial Intelligence security credentials are advantageous.
- Excellent oral and written communication skills, including the ability to present technical findings.
- Strong organizational and time management skills, with the ability to manage multiple engagements and meet tight deadlines.
- Self-motivated, proactive and able to work independently or as part of a team.