Key Responsibilities
  • Perform security testing of Android and iOS mobile applications used in digital payment ecosystems
  • Conduct manual and automated mobile security testing aligned with:
    • OWASP Mobile Top 10
    • OWASP MASVS & MSTG
  • Identify vulnerabilities related to:
    • Insecure data storage
    • Weak cryptography
    • Insecure communication
    • Authentication & authorization flaws
    • Business logic issues in payment flows
  • Perform runtime instrumentation and dynamic analysis using:
    • Frida, Objection, Xposed
  • Reverse engineer mobile applications using:
    • APKTool, JADX (Android)
    • Basic iOS reverse engineering tools (class-dump, Hopper, Ghidra)
  • Intercept and analyze mobile traffic using:
    • Burp Suite (Mobile Assistant preferred)
    • mitmproxy / Charles Proxy
  • Test mobile backend APIs supporting payment workflows using:
    • Burp Suite, Postman
  • Validate security of payment features, including:
    • UPI, wallets, cards, tokenization
    • OTP, MFA, session management
  • Prepare high-quality vulnerability reports with:
    • Risk assessment
    • Proof of Concept (PoC)
    • Clear remediation guidance
  • Support retesting and vulnerability closure
  • Work closely with development and product teams to explain findings and fixes
R&D Mindset & Innovation (Mandatory)
  • Strong research-driven mindset to explore vulnerabilities beyond standard checklists
  • Ability to research and validate new attack vectors in mobile and FinTech environments
  • Regularly analyze:
    • New Android/iOS versions and security changes
    • Advanced bypass techniques (SSL pinning, root/jailbreak detection)
  • Develop custom test cases for complex payment and business logic scenarios
  • Contribute to:
    • Internal tools, scripts, and testing methodologies
    • Knowledge sharing and security best practices
  • Ability to independently validate false positives and negatives
Scripting & Automation Skills (Mandatory)
  • Hands-on scripting experience in one or more of the following:
    • Python – automation, PoC development, API testing
    • JavaScript – Frida hooks and runtime manipulation
    • Bash – automation and tooling
  • Ability to:
    • Write and modify custom Frida scripts
    • Automate repetitive testing and analysis tasks
    • Customize open-source tools for specific app behaviors
  • Strong understanding of secure coding flaws through runtime and code-level analysis
Mandatory Skills & Experience
  • 3–4 years of experience in mobile application security testing
  • Strong understanding of Android and iOS security architectures
  • Hands-on experience with:
    • MobSF, AndroBugs, QARK
    • Frida, Objection
    • Burp Suite
  • Experience testing BFSI / FinTech / Digital Payment applications
  • Strong knowledge of:
    • OWASP Mobile Top 10
    • OWASP API Top 10 (supporting APIs)
Good to Have
  • Exposure to PCI-DSS, RBI, or CERT-In security requirements
  • Experience with CI/CD integration for mobile security testing
  • Basic understanding of cloud and backend security supporting mobile apps
  • iOS security testing experience is a strong plus
Required Skills
  • Application Security
  • Burp Suite
  • Mobile AppSec
  • Security testing
  • VAPT
  • AppSec