Mobile Application Security Lead (AppSec)

4 - 5 years

9 - 13 Lacs

Posted: 1 day ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Title:

Mobile Application Security Lead (AppSec)

Location:

Mumbai

Experience Required:

4 - 5 Years

Job Type:

Full-time, On-site

Job Overview:

Talakunchi Networks Pvt Ltd is seeking a skilled and motivated Mobile Application Security Lead to oversee and deliver comprehensive security assessments across Android and iOS platforms. The ideal candidate will have a strong background in mobile app penetration testing and will serve as both a technical lead and client-facing expert, ensuring high-quality delivery across multiple engagements.

Key Responsibilities:

  • Lead and execute mobile app security testing for Android and iOS platforms.
  • Perform both automated and manual penetration testing, including:
      • Static Application Security Testing (SAST)
      • Dynamic Application Security Testing (DAST)
      • Runtime instrumentation and analysis
  • Reverse engineer APKs/IPAs to identify vulnerabilities such as hardcoded secrets and logic flaws.
  • Identify and report security issues based on OWASP Mobile Top 10, insecure storage, transport layer issues, and platform-specific flaws.
  • Use advanced tools: Frida, Objection, MobSF, Burp Suite, Jadx, APKTool, Xposed, Postman, etc.
  • Prepare detailed technical reports with:
      • Risk ratings (CVSSv4/custom)
      • Proof of Concept (PoC)
      • Practical remediation recommendations
  • Interact with client-side stakeholders such as AppDev, QA, and InfoSec teams.
  • Review and validate deliverables prepared by junior team members.
  • Assist in pre-sales efforts: scope definition, effort estimation, and technical discussions.
  • Mentor and train junior security analysts in mobile AppSec practices.
  • Stay up-to-date with the latest mobile vulnerabilities, trends, and tools.

Required Skills:

  • Strong understanding of mobile security architecture, Android/iOS internals, and sandboxing
  • In-depth knowledge of OWASP Mobile Top 10 and MASVS
  • Proficient in tools such as:
      • Frida, Objection, Burp Suite, MobSF, Charles Proxy, APKTool, Jadx
      • Postman/Insomnia for API testing
  • Experience with Jailbreaking/Rooting, SSL pinning bypass, and secure coding practices
  • Familiarity with software development life cycle (SDLC) and CI/CD environments
  • Experience in ticketing systems like Jira, ServiceNow, etc.

Preferred Certifications:

  • CEH
  • eMAPT
  • eWPTXv2

Bonus Points For:

  • Knowledge of mobile CI/CD security pipeline
  • Familiarity with banking/fintech security standards (RBI, PCI DSS, etc.)
  • Experience in effort estimation and VAPT project planning


TalaKunchi

Computer and Network Security

Mumbai Maharashtra
