Mobile Application Penetration Tester, iOS and Android

August 26

Zimperium

Cybersecurity • Enterprise • SaaS

Zimperium is a leading company in the mobile security industry, specializing in mobile endpoint and application security. They provide advanced solutions to protect mobile devices and applications, allowing enterprises to secure their mobile endpoints and enable safe access to sensitive data and systems. Zimperium's platforms integrate with various environments, including cloud, on-premises, and air-gapped setups, ensuring continuous and persistent security during development and runtime. The company is recognized for its unique focus on mobile security, offering tools that help prevent data loss, fraud, and regulatory breaches in mobile apps.

201 - 500 employees

Founded 2010

💰 $12M Venture Round on 2018-11

📋 Description

• Zimperium is an industry leader in enterprise mobile security providing on-device mobile threat defense for iOS, Android, and Windows.
• Protects against device, network, phishing, and application attacks using an ML-based MTD engine.
• Role: perform deep security assessments of iOS and Android applications, runtime analysis, exploit development, and Red Team methodologies.
• Conduct end-to-end penetration testing including static, dynamic, and runtime analysis.
• Assess mobile API integrations, authentication mechanisms, encryption protocols, and data storage security.
• Identify and exploit insecure data storage, weak cryptography, insecure communication, jailbreak/root bypasses, insecure code practices, and business logic flaws.
• Use runtime instrumentation frameworks (Frida, Objection, Xposed) and perform certificate pinning bypass, hooking, and traffic interception.
• Evaluate and attempt evasion of protections: root/jailbreak detection, code obfuscation, anti-debugging, and tamper protection.
• Develop custom scripts/exploits (Python, Java, Swift, Kotlin, C++) and produce comprehensive penetration test reports with remediation steps.
• Collaborate with development and research security teams and contribute to Red Team exercises.

🎯 Requirements

• 5+ years of experience in penetration testing, with at least 3 years focused on iOS and Android mobile applications.
• Strong knowledge of OWASP Mobile Top 10 and NIST mobile security guidelines.
• Expertise in static & reverse engineering: Apktool, JADX, Ghidra, Hopper, IDA Pro, Radare2, JD-GUI.
• Expertise in dynamic & runtime testing: Frida, Objection, Cycript, LLDB, Xposed.
• Experience with automation/frameworks: MobSF, Drozer, Appium (for automation-assisted testing).
• Experience with proxying & interception tools: Burp Suite Pro, OWASP ZAP, MITM tools.
• Solid understanding of mobile OS internals: Android security model, iOS security architecture, Keychain, Secure Enclave, sandboxing.
• Hands-on experience with jailbroken iOS and rooted Android devices for advanced exploitation.
• Familiarity with cryptography, secure communications (TLS, cert pinning), and secure data storage techniques.
• Ability to think like an attacker and perform creative exploitation beyond automated tool findings.
• Preferred certifications: OSCP / OSEP / OSED, OSWE / OSMR, EWPTX / EWAPT, CRTP / CRTE, CEH / CAP (preferred).
