Zimperium® is an industry leader in enterprise mobile security, being the first and only company to provide a complete mobile threat defense system that offers real-time, on-device, world-class protection against both known and unknown next-generation advanced mobile cyberattacks and malware.
Our MTD and award-winning machine learning-based engine protects against device, network, phishing and application attacks for iOS, Android and Windows devices, using a non-intrusive approach that always protects user privacy.
As part of our fast-growing pace, we are currently looking for an experienced Mobile Application Penetration Tester with deep expertise in security assessments of iOS and Android applications. The role requires advanced skills in runtime analysis, exploit development, and Red Team methodologies. You will be responsible for simulating real-world adversarial attacks, uncovering critical vulnerabilities, and working closely with stakeholders to strengthen the security posture of mobile ecosystems.
Key Responsibilities:
Required Skills & Experience:
- 5+ years of experience in penetration testing, with at least 3 years focused on iOS and Android mobile applications.
- Strong knowledge of OWASP Mobile Top 10 and NIST mobile security guidelines.
- Expertise in:
  - Static & Reverse Engineering: Apktool, JADX, Ghidra, Hopper, IDA Pro, Radare2, JD-GUI.
  - Dynamic & Runtime Testing: Frida, Objection, Cycript, LLDB, Xposed.
  - Automation/Frameworks: MobSF, Drozer, Appium (for automation-assisted testing).
  - Proxying & Interception: Burp Suite Pro, OWASP ZAP, MITM tools.
- Solid understanding of mobile OS internals (Android security model, iOS security architecture, Keychain, Secure Enclave, sandboxing).
- Hands-on experience with jailbroken iOS and rooted Android devices for advanced exploitation.
- Familiarity with cryptography, secure communications (TLS, cert pinning), and secure data storage techniques.
- Ability to think like an attacker and perform creative exploitation beyond automated tool findings.
Preferred Certifications:
- OSCP / OSEP / OSED (Offensive Security)
- OSWE / OSMR (Offensive Security Web & Mobile certs)
- EWPTX / EWAPT (eLearnSecurity)
- CRTP / CRTE (Red Team certs)
- CEH / CAP / API Security Testing (good to have, but not mandatory if strong hands-on skills)