What are the responsibilities and job description for the Sr. Penetration Tester (Android) position at Infomatics Corp?
We are looking for a Sr. Penetration Tester (Android) who will work as part of the Development Quality Innovation (DQI) lab in a dual role: first, to research new automation tools and refine current tools to our needs; second, to act as a centralized QI group providing quality assessment and penetration testing operations.
This duality provides a unique opportunity to explore new concepts in different technologies and perform original research in the quality and security domain.
Role and Responsibilities:
- Develop expertise in our product solutions, deep-dive into design/architecture, and execute white-box and black-box penetration scenarios.
- Plan, scope and conduct vulnerability assessments and penetration tests on internal/external-facing public assets such as web applications, the Android platform, Android apps, backend APIs, and cloud services.
- Research and conduct adversary simulation for known security threats and identify novel attack vectors to test a system’s relative security readiness.
- Conduct threat modelling, threat intelligence and scoping with stakeholders.
- Assist in creating and maintaining internal penetration testing and practice within the QA team, managing vulnerabilities and tracking them until closure.
- Build test harnesses and required automation suites, and validate attack vectors in the Threat Lab.
- Coordinate with program management and security architects at internal and offshore sites.
- Stay up to date on current tools, technologies, and vulnerabilities to incorporate into testing practices.
- Research and develop exploits for zero-day vulnerabilities.
- Conduct penetration tests on IoT and firmware devices.
Necessary Skills and Attributes:
- Self-motivated individual with the ability to thrive in a team-based or independent environment.
- Detail-oriented with strong organization skills.
- Ability to work in a fast-paced environment.
- Ability to work with limited supervision and to exercise discretion.
- Blog posts on security research, CVEs, walkthroughs or PoCs in the security domain are a plus.
Required Experience and Education:
- 5 years’ experience in penetration testing, including 2 years’ experience in Android and 1 year’s experience in web applications.
- Degree in Cyber Security or a security-relevant discipline is a plus.
- Certifications in offensive security (OSCP, OSWA, OSWE, CRTO, BSCP or similar) are a plus.
- Comprehensive knowledge of information security practices covering malware, phishing attacks, attack vectors and methods to protect against threats.
- Extensive knowledge of Java, Python or any relevant programming language.
- Malware development or reverse engineering experience is a plus.