Mobile Application Penetration Tester (iOS & Android)

at Zimperium
🇮🇳 India - Remote
🔒 Cybersecurity🔵 Mid-level

Job description

Zimperium® is an industry leader in enterprise mobile security, being the first and only company to provide a complete mobile threat defense system that offers real-time, on device world-class protection against both known and unknown next generation of advanced mobile cyberattacks and malware.

Our MTD and award-winning machine learning-based engine protects against device, network, phishing and application attacks for IOS, Android and Windows devices, using a non-intrusive approach to always protect privacy of users.

As part of our fast-growing pace, we are currently looking for an experienced Mobile Application Penetration Tester with deep expertise in security assessments of iOS and Android applications. The role requires advanced skills in runtime analysis, exploit development, and Red Team methodologies. You will be responsible for simulating real-world adversarial attacks, uncovering critical vulnerabilities, and working closely with stakeholders to strengthen the security posture of mobile ecosystems.

Key Responsibilities:

- Conduct end-to-end penetration testing of iOS and Android mobile applications, including static, dynamic, and runtime analysis.

- Assess mobile API integrations, authentication mechanisms, encryption protocols, and data storage security.

- Identify and exploit vulnerabilities such as insecure data storage, weak cryptography, insecure communication, jailbreak/root bypasses, insecure code practices, and business logic flaws.

- Use runtime instrumentation frameworks (Frida, Objection, Xposed) for dynamic testing and bypassing protections.

- Perform certificate pinning bypass, hooking, and traffic interception using advanced proxying techniques.

- Evaluate and attempt evasion of mobile app protections such as root/jailbreak detection, code obfuscation, anti-debugging, and tamper protection.

- Develop custom scripts/exploits (Python, Java, Swift, Kotlin, or C++) for advanced testing scenarios.

- Produce comprehensive penetration test reports, including risk ratings, proof-of-concept exploits, and actionable remediation steps.

- Work closely with development and research security teams to embed secure SDLC practices.

Contribute to Red Team exercises by simulating adversarial attacks against mobile endpoints.

Required Skills & Experience:

- 5+ years of experience in penetration testing, with at least 3 years focused on iOS and Android mobile applications.

Strong knowledge of OWASP Mobile Top 10, and NIST mobile security guidelines.

- Expertise in:

Static & Reverse Engineering: Apktool, JADX, Ghidra, Hopper, IDA Pro, Radare2, JD-GUI.

Dynamic & Runtime Testing: Frida, Objection, Cycript, LLDB, Xposed.

Automation/Frameworks: MobSF, Drozer, Appium (for automation-assisted testing).

Proxying & Interception: Burp Suite Pro, OWASP ZAP, MITM tools

- Solid understanding of mobile OS internals (Android security model, iOS security architecture, Keychain, Secure Enclave, sandboxing).

- Hands-on experience with jailbroken iOS and rooted Android devices for advanced exploitation.

Familiarity with cryptography, secure communications (TLS, cert pinning), and secure data storage techniques.

- Ability to think like an attacker and perform creative exploitation beyond automated tool findings.

Preferred Certifications:

OSCP / OSEP / OSED (Offensive Security)

OSWE / OSMR (Offensive Security Web & Mobile certs)

EWPTX / EWAPT (eLearnSecurity)

CRTP / CRTE (Red Team certs)

CEH / CAP / API Security Testing (good to have, but not mandatory if strong hands-on skills)

Zimperium, Inc. is a global leader in mobile device and app security, offering real-time, on-device protection against both known and unknown threats on Android, iOS and Chromebook endpoints. The company was founded under the premise that the then current state of mobile security was insufficient to solve the growing mobile security problem. At the time, most mobile security was a port from traditional endpoint security technologies.Zimperium recognized mobile devices had unique characteristics needing a completely new approach. The team set to work to reimagine how to protect mobile devices and developed the award winning, patented z9 machine learning-based engine.

Zimperium is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.

Share this job:
Please let Zimperium know you found this job on Remote First Jobs 🙏

Latest Jobs at Zimperium

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply