Key Words: Mobile Security, Penetration Testing, Mobile Application Penetration Testing, Web Application Penetration testing, Android Security Testing, iOS Security Testing, Mobile Security Research, Swift, Kotlin, Objective-C, Java applications, IDA Pro, Ghidra, Frida.re, ARM architectures, SSL pinning, Root/jailbreak detection, Anti-tampering, In-app VPN
Role: Mobile Application Security Researcher
Function: Mobile security, Penetration testing, Lead/Principal
Our client is a global multinational specialist company that is focused on delivering a comprehensive range of IT Security services to blue-chip and public sector clients. Their philosophy is to deliver high-quality testing, consultancy services and unsurpassed levels of support to the client base. They offer specialization in areas like Information Security, Penetration Testing, Red Teaming, PCI & Payment Security, Research, Security Assessments, Compliance, Mobile Security, Incident Response, Scanning Services, Training, Threat Modelling, Cyber Security, Cyber Defense, and Phishing Assessments. Our client offers a positive, enthusiastic working environment where knowledge sharing is encouraged between all members of the organisation, with excellent training provided to help team members upskill themselves to become better at what they do.
About the Mobile Application Security Researcher
· Conduct security research on latest version of iOS and Android platforms
· Write exploits, find new techniques to overcome mitigation technologies
· Analysis of applications to identify their security weaknesses and highlight any unexpected behaviour
· Conduct end-to-end security testing on android and iOS mobile applications to identify exploitable vulnerabilities
· Utilise penetration testing or threat modelling tools both open source and commercial.
· Creation of reports and presentation for clients, both technical and executive members
· Offer insight into the latest cyber security threats
· Development of proof of concepts for possible mobile security threats.
· Research new attack methods to bypass them.
· Lead mobile penetration testing activities.
· Lead/mentor junior consultants on mobile security projects.
Please note: Interested Applicants must be able to work in Singapore.
· Strong experience performing compliance testing of mobile applications that meet certain Technology Security Standards and regulatory/industries requirements such as MAS Technology Risk Management guidelines, OWASP Mobile Security Testing guidelines.
· In-depth knowledge of iOS and/or Android architecture and its underlying security mechanisms.
· Experienced in secure code review of Swift, Kotlin, Objective-C and Java applications.
· Skilled with various reverse engineering tools such as IDA Pro, Ghidra, Frida.re hooking framework or equivalent of these.
· Knowledge of ARM architectures (armeabi-v7a, arm64-v8a, etc.) is an advantage.
· Experience bypassing various security mechanisms commonly present in mobile applications such as but not limited to SSL pinning, root/jailbreak detection, anti-tampering, in-app VPN, etc.
· Ability to develop BURP extensions to aid with mobile and web application tests.
· Over 8 years of security experience with at least 4 to 5 years spent in mobile security, and a least 1 or 2 years in a Senior Consultant, Team lead or Principal capacity.
If you are interested to learn more about the above job role or any other job opportunities, please apply to this job advertisement or alternatively contact the following consultant:
SearchElect Pte. Ltd. adheres to the Singapore Ministry of Manpower Tripartite guidelines on Non-Discriminatory Job Advertisements which you can find more information about HERE. If you feel any part of this job advertisement is discriminatory please immediately raise to our attention via [email protected]. We take these matters seriously and thank you for your cooperation.