Penetration Tester
UltraViolet Cyber
Full Time
Senior (5 to 8 years)
Candidates must have over 5 years of penetration testing experience, with at least 3 years focused on iOS and Android mobile applications. Required skills include strong knowledge of OWASP Mobile Top 10 and NIST mobile security guidelines, expertise in static and reverse engineering tools (Apktool, JADX, Ghidra, Hopper, IDA Pro, Radare2, JD-GUI), dynamic and runtime testing tools (Frida, Objection, Cycript, LLDB, Xposed), automation frameworks (MobSF, Drozer, Appium), and proxying/interception tools (Burp Suite Pro, OWASP ZAP, MITM tools). A solid understanding of mobile OS internals, hands-on experience with jailbroken iOS and rooted Android devices, familiarity with cryptography and secure communications, and the ability to think like an attacker are essential. Preferred certifications include OSCP, OSEP, OSED, OSWE, OSMR, EWPTX, EWAPT, CRTP, CRTE, CEH, CAP, or API Security Testing.
The Mobile Application Penetration Tester will conduct end-to-end penetration testing of iOS and Android mobile applications, including static, dynamic, and runtime analysis. Responsibilities include assessing mobile API integrations, authentication mechanisms, encryption protocols, and data storage security, as well as identifying and exploiting vulnerabilities such as insecure data storage, weak cryptography, insecure communication, jailbreak/root bypasses, insecure code practices, and business logic flaws. The role involves using runtime instrumentation frameworks for dynamic testing and bypassing protections, performing certificate pinning bypass, hooking, and traffic interception, and evaluating evasion of mobile app protections. Additionally, the tester will develop custom scripts/exploits, produce comprehensive penetration test reports with remediation steps, work with development and research security teams to embed secure SDLC practices, and contribute to Red Team exercises by simulating adversarial attacks.
Mobile security solutions for enterprises and government
Zimperium focuses on mobile security, providing solutions to protect mobile devices and applications from cyber threats. Its main product, zIPS, is mobile threat defense software that detects and addresses threats like malware and phishing in real time. This software is designed for enterprises and government organizations, ensuring their mobile endpoints, such as smartphones and tablets, are secure. Zimperium differentiates itself from competitors by specializing in mobile security and offering tailored consulting services to enhance clients' security strategies. The company's goal is to safeguard sensitive data across various industries, particularly in sectors like healthcare and education, where mobile security is crucial.