4 Mobsf Jobs

Key Responsibilities Conduct penetration tests on web and mobile applications , networks , thick clients , and systems to identify vulnerabilities. Perform manual and automated testing to simulate cyberattacks and exploit potential security flaws. Create detailed reports of vulnerabilities including descriptions, proof of concepts, business impact , and actionable remediation steps . Perform retesting to validate fixes and confirm mitigations. Analyze security issues related to web apps, network protocols, OSs , and cloud platforms . Stay updated with the latest cybersecurity threats , vulnerabilities , and attack techniques . Coordinate with application and infrastructure teams during the assessment lifecycle and deliver clear, comprehensive reports. Requirements Proven experience as a Penetration Tester or in a cybersecurity role. Strong understanding of: OWASP Mobile Top 10 OWASP Web Top 10 MITRE ATT&CK framework Proficiency in tools such as: Burp Suite , Frida , MobSF , Nmap , Wireshark , Metasploit Hands-on experience with: SSL pinning bypass Jailbreak/root detection bypass Certificate validation flaws Mobile app reverse engineering Familiarity with operating systems like Windows , Kali Linux , and macOS Exposure to cloud platforms such as AWS , Azure , or GCP Knowledge of scripting/programming languages such as Python , Bash , or PowerShell (preferred) Relevant certifications are a strong advantage: CEH , OSCP , or similar Preferred Skills Prior experience in mobile application penetration testing Ability to work independently and manage time effectively Excellent communication skills , especially in conveying technical findings to non-technical stakeholders Skills Information Security,Data Analysis,Penetration Testing

About Us: At LXME, were building Indias first full-stack financial platform designed exclusively for women. Trust, security, and reliability are at the heart of our mission to empower millions of women to confidently save, manage, and invest their money. As we scale, we&aposre looking for an App Security Engineer to lead our application security efforts across the stack. What Youll Do ? Champion and implement security best practices across mobile apps, backend APIs, and third-party integrations ? Conduct mobile application security testing (static & dynamic), and work with teams to remediate findings ? Identify, report, and fix vulnerabilities using frameworks like OWASP Mobile Top 10 and OWASP Web Top 10 ? Collaborate with developers to embed security early in the SDLC (Shift Left approach) ? Perform code reviews with a security focus and help define secure coding standards ? Own and manage security audits, VAPT engagements, and contribute to compliance efforts ? Evaluate and integrate tools for app shielding, code obfuscation, root/jailbreak detection, and anti-tampering ? Monitor for real-time threats and incidents, and drive timely mitigation What Were Looking For ? 36 years of hands-on experience in application or mobile app security ? Strong experience with tools like MobSF, Frida, Burp Suite, OWASP ZAP, etc. ? Solid understanding of Android and iOS security models, encryption, and app hardening ? Experience working with secure authentication flows (e.g., OAuth2.0, tokenization, UPI integrations) ? Familiarity with compliance and security standards: RBI, PCI-DSS, ISO 27001, etc. ? Proficient in scripting and automation using Python, Bash, or similar ? Strong communication skills, with the ability to explain technical risks to non-technical stakeholders Nice to Have ? Experience in bug bounty triage, threat modeling, or red teaming ? Exposure to DevSecOps, SAST/DAST tools, and CI/CD security integration ? Security certifications like CEH, OSCP, CISSP, or GIAC GWEB Why Join Us ? Play a key role in our security-first culture as we scale nationally ? Work on meaningful challenges at the intersection of fintech and womens empowerment ? Be part of a mission-driven, collaborative team that values high ownership and impact Show more Show less

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. We are looking for an expert in Android application development with solid foundation in enterprise and commercial applications, interested in building highly performant mobile apps with Jetpack and Kotlin. Your primary focus will be on leading a team, proposing reference architectures, creating estimates, and giving inputs to client proposals. You will also lead the development of user interface and reusable components. You will ensure that these components and the overall application are robust and easy to maintain. A commitment to collaborative problem solving, sophisticated expandable design, and quality product is important. **Responsibilities:** - Developing new user interface using Jetpack compose - Networking Libraries and integration with third-party frameworks - Building reusable components and libraries for future use - Translating designs and wireframes into high quality code - Ability to optimize the code through the use of instruments or various techniques of memory profiling - Guiding the team to follow best industry practices to deliver clean code while keeping performance in check - Fostering teamwork and leading by example - People and Stakeholder management by close interaction with clients and internal stakeholders **Experience:** - 6+ years experience in Android native application development with Jetpack compose and Kotlin - Excellent UI/UX and architecture skills - Ability to transform the design into code quickly - Experience in unit testing and ensuring the developed code passes the quality gate from Sonar - Experience in identifying code quality issues during code reviews - JSON, REST and Web Services, low energy peripheral devices integration - Experience in setting up continuous integration processes and automated unit/UI testing - Jira, git or other tools **Must have skills:** - In-depth knowledge in Kotlin and Jetpack compose - Expertise in Retrofit, Volley, RoomDB, SharedPreferences, Hilt, Dagger, Co-routines - Understanding and implementing accessibility - Ability to Perform concurrency and performance testing - Ability to organize large-scale front-end mobile application codebases using common mobile design patterns such as MVVM, MVC or Viper - Understanding and working in Snapshot testing - In-depth understanding of layouts - Understanding of interactive application development paradigms, GUI, memory management, file I/O, network & socket programming, concurrency, and multi-threading - Developing cutting-edge functional modules that will be integrated across our application - Experience in code versioning tools such as Git or SVN - Understanding and Implementation of SOLID principles in an Android Application - Staying abreast of latest Android platform features and proposing the evolution of the application to take advantage of the same - Experience with two-way data synchronization between client and server database for applications that support offline capability - Unit-testing code for robustness, including edge cases, usability, and general reliability - Continuously discovering, evaluating, and implementing new technologies to maximize development efficiency - Experience in implementing security policies - Experience in automation, CI/CD, and Unit testing frameworks - Ability to analyze crash logs and provide fixes - Ability to write code that passes multiple quality gates from Checkmarx, MobSF, Sonar, etc., - Good knowledge of fixing quality issues from Checkmarx and fixing issues from Penetration Testing **Nice to have skills:** - AWS/Azure or any cloud exposure - SSO, LDAP, OAuth, SSL integration - Experience in emerging technologies such as IoT, AI/ML, etc. - Awareness of enterprise Mobile Application Management (MAM)/Mobile Device Management (MDM) frameworks such as Microsoft Intune, Citrix Endpoint Management will be a plus - More advanced data handlers such as WebSockets and Offline mobile applications - Awareness of Enterprise mobile applications and data protection policies and methods would be a plus EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people, and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.,

About the Role As a Security Engineer 2, you will be a key player in maturing our product security posture. You won't just find vulnerabilities; you'll help us build more secure products from the ground up. Your work will directly protect our customers and the business by focusing on offensive security testing, proactive threat modeling, and embedding security into our development lifecycle and company culture. What you will do Application Security Testing: Conduct comprehensive security assessments (VAPT) of our web platforms, APIs, network and mobile applications (iOS & Android) to identify and mitigate vulnerabilities. Offensive Security: Plan and execute red team and purple team exercises to simulate real-world attacks, test our defenses, and provide actionable recommendations to improve our security posture. Threat Modeling: Lead threat modeling sessions for new and existing features, collaborating with engineering teams to identify potential threats in the design phase and integrate security requirements into the product lifecycle. DevSecOps & Automation: Enhance our CI/CD pipeline by integrating security tools (SAST, DAST, IAST). Develop and implement hands-on security automation to streamline security processes and improve our detection and response capabilities. Security Culture & Awareness: Drive key security culture initiatives, including managing the Security Champions program, conducting phishing simulations, and delivering developer awareness training sessions. Risk & Compliance: Contribute to compliance and risk management efforts, such as ISO 27001 readiness, third-party risk management (TPRM), and Business Continuity/Business Impact Analysis (BCP/BIA). Security Partnership: Act as a security subject matter expert for developers, providing guidance on secure coding practices, vulnerability remediation, and security best practices through code reviews and consultations. Code Review: Perform manual and automated code reviews to identify security-critical bugs. Bug Bounty: Assist in managing our bug bounty program, including triaging submissions and engaging with security researchers. What You Will Need Experience: 3-5 years of hands-on experience in a product security or application security role. Education: A Bachelor's or Master's degree in Computer Science, Information Security, or a related field is preferred. Mobile Security Expertise: Strong experience in mobile application security assessments for both Android and iOS.Proficiency with mobile security tools like Frida, Objection, Drozer, MobSF, ADB, etc.Deep understanding of the OWASP MASVS framework and mobile-specific vulnerabilities (insecure webview, insecure deeplink, insecure data storage, flawed cryptography, etc.). Web & API Security Expertise: Proven ability to perform security assessments on web applications and APIs, with a strong understanding of the OWASP Top 10 for both. Experience testing for complex vulnerabilities in authentication, authorization, session management, and business logic. Offensive Security & Threat Modeling: Demonstrated experience planning and executing red team exercises . Proven ability to lead threat modeling sessions and integrate findings into the SDLC. General Skills & Acumen: Strong analytical and problem-solving skills.Excellent communication skills, with the ability to explain complex security issues to both technical and non-technical audiences. Familiarity with DevSecOps principles and CI/CD pipeline security automation. (Bonus Points) Active participation in public or private bug bounty programs is a huge plus. Experience with security awareness initiatives (e.g., Security Champions) and compliance frameworks (e.g., ISO 27001, TPRM) is also highly desirable.