Principal Mobile Application Penetration Tester

We are looking for a Principal Mobile Application Penetration Tester to join a global cybersecurity team focused on securing modern mobile platforms and applications. This is a senior, hands-on role for a security expert passionate about offensive security, mobile application testing, and continuously evolving attack surfaces. The role offers the opportunity to work on advanced mobile security challenges while contributing to broader application and infrastructure security initiatives.

• 3–5+ years of hands-on penetration testing experience with strong focus on mobile application security
• Experience testing iOS and Android applications
• Strong knowledge of OWASP MASVS and MSTG
• Understanding of mobile attack vectors, authentication mechanisms, and secure application design
• Experience with manual and automated security testing techniques
• Good understanding of TCP/IP and network security fundamentals
• Scripting or programming experience
• Strong analytical and communication skills
• Ability to explain technical risks to both technical and business stakeholders

Nice to have:

• Experience with Corellium platform
• Knowledge of SAST, DAST, and IAST tooling
• Experience with APIs, microservices, and cloud-native architectures
• Code review experience in Java, Kotlin, Swift, or Objective-C
• Knowledge of OAuth2, JWT, biometrics, and SSL pinning
• Experience with secure SDLC practices
• Background in financial services or regulated industries

• Lead end-to-end mobile application penetration testing engagements for iOS and Android platforms
• Perform security assessments, exploitation, validation, and reporting activities
• Deliver clear remediation guidance and risk-based recommendations
• Define and improve mobile testing methodologies, standards, and playbooks
• Act as a senior escalation point for complex security findings and technical challenges
• Support vulnerability management and remediation tracking processes
• Contribute to tooling improvements, automation, and internal security frameworks
• Collaborate with global cybersecurity and engineering teams
• Mentor penetration testers through technical reviews and knowledge sharing
• Stay current with emerging attack vectors, mobile threats, and security research