Mobile Application Penetration Tester

Company Description

Vigilant Telecom operates with tactical precision under the tagline "Infiltrate. Expose. Neutralize." They deliver elite cybersecurity services with a focus on dominating the threat landscape. The company conducts deep penetration testing across various platforms to uncover and prioritize vulnerabilities, responding fast and effectively to neutralize threats.

Role Description

This is a full-time on-site role in Mumbai for a Mobile Application Penetration Tester at Vigilant Telecom. In this role, you will conduct comprehensive penetration testing on mobile applications to identify and exploit vulnerabilities across Android and iOS platforms. Your responsibilities will include analyzing security weaknesses, developing proof-of-concept payloads, and supporting offensive security operations to ensure the robustness of our mobile platforms.

Key Responsibilities

• Perform manual and automated penetration testing on iOS and Android applications
• Reverse engineer mobile apps to analyze logic flaws, insecure data storage, and obfuscation bypass
• Identify issues such as insecure authentication, broken cryptography, insecure communications, and improper platform usage
• Decompile APKs/IPAs, analyze source code, and craft custom payloads or exploits
• Assess API backends connected to mobile apps for common and chained vulnerabilities
• Generate technical reports with clear risk descriptions, reproduction steps, and remediation guidance
• Stay current with mobile security trends, new exploits, and platform-specific attack vectors

Qualifications

• 3+ years in mobile application penetration testing or mobile security research
• Proficiency with tools such as MobSF, Frida, Burp Suite, objection, jadx, apktool, Cycript, and Ghidra
• Strong grasp of OWASP Mobile Top 10, Android/iOS internals, and mobile app architecture
• Strong understanding of mobile application security concepts
• Experience bypassing root/jailbreak detection, SSL pinning, and obfuscation
• Familiarity with backend/API testing and mobile-to-server communications
• Scripting in Python, Bash, or JavaScript for automation and dynamic testing
• Understanding of app store review guidelines and secure coding practices for mobile
• Excellent problem-solving and analytical skills
• Relevant certifications such as OSCP, OSCE, GMOB or equivalent
• Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field