Zimperium® is an industry leader in enterprise mobile security, being the first and only company to provide a complete mobile threat defense system that offers real-time, on device world-class protection against both known and unknown next generation of advanced mobile cyberattacks and malware.Our MTD and award-winning machine learning-based engine protects against device, network, phishing and application attacks for IOS, Android and Windows devices, using a non-intrusive approach to always protect privacy of users.As part of our fast-growing pace, we are currently looking for an experienced
Mobile Application Penetration Tester
with deep expertise in
security assessments
of iOS and Android applications. The role requires advanced skills in
runtime analysis, exploit development, and Red Team methodologies
. You will be responsible for simulating real-world adversarial attacks, uncovering critical vulnerabilities, and working closely with stakeholders to strengthen the security posture of mobile ecosystems.
Key Responsibilities
- Conduct end-to-end penetration testing of iOS and Android mobile applications, including static, dynamic, and runtime analysis.
- Assess mobile API integrations, authentication mechanisms, encryption protocols, and data storage security.
- Identify and exploit vulnerabilities such as insecure data storage, weak cryptography, insecure communication, jailbreak/root bypasses, insecure code practices, and business logic flaws.
- Use runtime instrumentation frameworks (Frida, Objection, Xposed) for dynamic testing and bypassing protections.
- Perform certificate pinning bypass, hooking, and traffic interception using advanced proxying techniques.
- Evaluate and attempt evasion of mobile app protections such as root/jailbreak detection, code obfuscation, anti-debugging, and tamper protection.
- Develop custom scripts/exploits (Python, Java, Swift, Kotlin, or C++) for advanced testing scenarios.
- Produce comprehensive penetration test reports, including risk ratings, proof-of-concept exploits, and actionable remediation steps.
- Work closely with development and research security teams to embed secure SDLC practices.
- Contribute to Red Team exercises by simulating adversarial attacks against mobile endpoints.
Required Skills & Experience
- 5+ years of experience in penetration testing, with at least 3 years focused on iOS and Android mobile applications.
- Strong knowledge of OWASP Mobile Top 10, and NIST mobile security guidelines.
- Expertise in:
- Static & Reverse Engineering: Apktool, JADX, Ghidra, Hopper, IDA Pro, Radare2, JD-GUI.
- Dynamic & Runtime Testing: Frida, Objection, Cycript, LLDB, Xposed.
- Automation/Frameworks: MobSF, Drozer, Appium (for automation-assisted testing).
- Proxying & Interception: Burp Suite Pro, OWASP ZAP, MITM tools
- Solid understanding of mobile OS internals (Android security model, iOS security architecture, Keychain, Secure Enclave, sandboxing).
- Hands-on experience with jailbroken iOS and rooted Android devices for advanced exploitation.
- Familiarity with cryptography, secure communications (TLS, cert pinning), and secure data storage techniques.
- Ability to think like an attacker and perform creative exploitation beyond automated tool findings.
Preferred Certifications
- OSCP / OSEP / OSED (Offensive Security)
- OSWE / OSMR (Offensive Security Web & Mobile certs)
- EWPTX / EWAPT (eLearnSecurity)
- CRTP / CRTE (Red Team certs)
- CEH / CAP / API Security Testing (good to have, but not mandatory if strong hands-on skills)
Zimperium is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.
Job DetailsRole Level: Mid-Level Work Type: Full-Time Country: India City: india Company Website: http://www.zimperium.com Job Function: Engineering Company Industry/Sector: Computer and Network SecurityWhat We Offer
About The Company
Searching, interviewing and hiring are all part of the professional life. The TALENTMATE Portal idea is to fill and help professionals doing one of them by bringing together the requisites under One Roof. Whether you're hunting for your Next Job Opportunity or Looking for Potential Employers, we're here to lend you a Helping Hand.ReportSimilar JobsCustomer Success Manager Key AccountsTalentmateCustomer Support Engineer - Mobile Apps And Cybersecurity BangaloreTalentmateSenior Security ResearcherTalentmateCustomer Success Manager Technical UAETalentmateAlgoNext Automation Developer IndiaTalentmateCloudFlow Automation Developer IndiaTalentmateDisclaimer: talentmate.com is only a platform to bring jobseekers & employers together. Applicants are advised to research the bonafides of the prospective employer independently. We do NOT endorse any requests for money payments and strictly advice against sharing personal or bank related information. We also recommend you visit Security Advice for more information. If you suspect any fraud or malpractice, email us at abuse@talentmate.com.
