Penetration Tester

5 - 10 years

10 - 18 Lacs

Posted: 11 hours ago | Platform: Naukri


Work Mode

Work from Office

Job Type

Full Time

Job Description

Role & responsibilities

Penetration Testing & Red Teaming

  • Lead and execute:
    • Mobile Application Penetration Testing (static & dynamic analysis, jailbreak/root bypass).
    • API Vulnerability & Penetration Testing (BOLA, mass assignment, parameter tampering).
    • Web Application Vulnerability Assessments & Exploitation (OWASP Top 10, custom attacks).
    • Network Penetration Testing (internal & external infrastructure).
  • Simulate real-world attack chains across mobile, API, and cloud infra, including privilege escalation and data exfiltration.
  • Perform reverse engineering of mobile binaries (IPA/APK), patch protections, and bypass anti-debugging.

Security Tools & Frameworks

  • Proficiency with reverse engineering tools: Ghidra, IDA Pro, Hopper, Radare2.
  • Skilled in OWASP ZAP and aligned with OWASP MSTG/MASVS frameworks.
  • Ability to create custom tools/scripts for automation and exploit development.

Programming & Scripting Skills

  • Hands-on experience with: C/C++, Objective-C, Swift, Java, Kotlin, Python.
  • Ability to build custom security testing tools and automation frameworks.

API & Cloud Security

  • Deep knowledge of OAuth2.0, JWT, OpenID Connect, SAML.
  • Familiarity with securing cloud-native APIs and identifying misconfigurations.

Preferred candidate profile

• 5+ years of experience in code review, application security testing, or web application development
• Excellent written and verbal communication skills
• Strong scripting skills (e.g. Python, Ruby, Perl)
• Experience with cloud platforms, such as AWS, and knowledge of cloud security best practices
• Familiarity with development technologies like Docker, CDK, Terraform, Java, Python, React, GraphQL, JavaScript, JSON, REST, etc.
• Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices
• Technical background in application development, networking/system administration, security testing, or related fields
• Experience with both static application security testing (SAST) and dynamic application security testing (DAST) using various tools and techniques
• Preferred, but not required - one or more relevant certifications such as Offensive Security Web Assessor (OSWA), Offensive Security Web Expert (OSWE), Offensive Security Certified Professional (OSCP), Burp Suite Certified Practitioner, or AWS Certified Security Specialist.
