Home
Key Responsibilities
  • Perform security testing of Android and iOS mobile applications used in digital payment ecosystems
  • Conduct manual and automated mobile security testing aligned with:
  • OWASP Mobile Top 10
  • OWASP MASVS & MSTG
  • Identify vulnerabilities related to:
  • Insecure data storage
  • Weak cryptography
  • Insecure communication
  • Authentication & authorization flaws
  • Business logic issues in payment flows
  • Perform runtime instrumentation and dynamic analysis using:
  • Frida, Objection, Xposed
  • Reverse engineer mobile applications using:
  • APKTool, JADX (Android)
  • Basic iOS reverse engineering tools (class-dump, Hopper, Ghidra)
  • Intercept and analyze mobile traffic using:
  • Burp Suite (Mobile Assistant preferred)
  • mitmproxy / Charles Proxy
  • Test mobile backend APIs supporting payment workflows using:
  • Burp Suite, Postman
  • Validate security of payment features, including:
  • UPI, wallets, cards, tokenization
  • OTP, MFA, session management
  • Prepare high-quality vulnerability reports with:
  • Risk assessment
  • Proof of Concept (PoC)
  • Clear remediation guidance
  • Support retesting and vulnerability closure
  • Work closely with development and product teams to explain findings and fixes
R&D Mindset & Innovation (Mandatory)
  • Strong research-driven mindset to explore vulnerabilities beyond standard checklists
  • Ability to research and validate new attack vectors in mobile and FinTech environments
  • Regularly analyze:
  • New Android/iOS versions and security changes
  • Advanced bypass techniques (SSL pinning, root/jailbreak detection)
  • Develop custom test cases for complex payment and business logic scenarios
  • Contribute to:
  • Internal tools, scripts, and testing methodologies
  • Knowledge sharing and security best practices
  • Ability to independently validate false positives and negatives
Scripting & Automation Skills (Mandatory)
  • Hands-on scripting experience in one or more of the following:
  • Python – automation, PoC development, API testing
  • JavaScript – Frida hooks and runtime manipulation
  • Bash – automation and tooling
  • Ability to:
  • Write and modify custom Frida scripts
  • Automate repetitive testing and analysis tasks
  • Customize open-source tools for specific app behaviors
  • Strong understanding of secure coding flaws through runtime and code-level analysis
Mandatory Skills & Experience
  • 3–4 years of experience in mobile application security testing
  • Strong understanding of Android and iOS security architectures
  • Hands-on experience with:
  • MobSF, AndroBugs, QARK
  • Frida, Objection
  • Burp Suite
  • Experience testing BFSI / FinTech / Digital Payment applications
  • Strong knowledge of:
  • OWASP Mobile Top 10
  • OWASP API Top 10 (supporting APIs)
Good to Have
  • Exposure to PCI-DSS, RBI, or CERT-In security requirements
  • Experience with CI/CD integration for mobile security testing
  • Basic understanding of cloud and backend security supporting mobile apps
  • iOS security testing experience is a strong plus
 

Required Skills

Application Security burp suite Mobile Appsec security testing VAPT Appsec
View all job openings