Mobile Application Security Tester (MAST)

Key Responsibilities:

Conduct Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) on mobile applications.

Perform reverse engineering, penetration testing, and runtime analysis to identify security flaws.

Analyze mobile app permissions, API security, and cryptographic implementations to detect vulnerabilities.

Use tools like NowSecure, MobSF, Frida, Burp Suite, Drozer, Ghidra, and similar for security assessments.

Test Android and iOS applications for OWASP Mobile Top 10 vulnerabilities.

Review network traffic, data storage, and authentication mechanisms for potential risks.

Work with development and DevSecOps teams to integrate security best practices in CI/CD pipelines.

Document findings and provide detailed remediation guidance to developers and stakeholders.

Stay updated with emerging mobile security threats, vulnerabilities, and industry trends.

Required Skills & Qualifications:

Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.

2 years of experience in mobile application security testing.

Hands-on experience with Android and iOS security testing methodologies and tools.

Knowledge of mobile app architecture, API security, and secure coding practices.

Strong understanding of encryption, obfuscation, and code-signing techniques.

Experience with Jailbreak/Root detection bypass techniques.

Familiarity with MITM attacks, SSL pinning bypass, and mobile forensics.

Work with the client to communicate and explain the findings and support in remediation.

Certifications like OSCP, eMAPT, GMOB, or similar are a plus.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.