Job Title: Mobile Application Security Lead (AppSec)

Location: Mumbai

Experience Required: 4–5 Years

Job Type: Full-time, On-site


Job Overview:

Talakunchi Networks Pvt Ltd is seeking a skilled and motivated Mobile Application Security Lead to oversee and deliver comprehensive security assessments across Android and iOS platforms. The ideal candidate will have a strong background in mobile app penetration testing and will serve as both a technical lead and client-facing expert, ensuring high-quality delivery across multiple engagements.


Key Responsibilities:

  • Lead and execute mobile app security testing for Android and iOS platforms.
  • Perform both automated and manual penetration testing including:
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Runtime instrumentation and analysis
  • Reverse engineer APKs/IPAs to identify vulnerabilities such as hardcoded secrets and logic flaws.
  • Identify and report security issues based on OWASP Mobile Top 10, insecure storage, transport layer issues, and platform-specific flaws.
  • Use advanced tools: Frida, Objection, MobSF, Burp Suite, Jadx, APKTool, Xposed, Postman, etc.
  • Prepare detailed technical reports with:
    • Risk ratings (CVSSv4/custom)
    • Proof of Concept (PoC)
    • Practical remediation recommendations
  • Interact with client-side stakeholders such as AppDev, QA, and InfoSec teams.
  • Review and validate deliverables prepared by junior team members.
  • Assist in pre-sales efforts: scope definition, effort estimation, and technical discussions.
  • Mentor and train junior security analysts in mobile AppSec practices.
  • Stay up-to-date with the latest mobile vulnerabilities, trends, and tools.


Required Skills:

  • Strong understanding of mobile security architecture, Android/iOS internals, and sandboxing
  • In-depth knowledge of OWASP Mobile Top 10 and MASVS
  • Proficient in tools such as:
    • Frida, Objection, Burp Suite, MobSF, Charles Proxy, APKTool, Jadx
    • Postman/Insomnia for API testing
  • Experience with Jailbreaking/Rooting, SSL pinning bypass, and secure coding practices
  • Familiarity with software development life cycle (SDLC) and CI/CD environments
  • Experience with ticketing systems like Jira, ServiceNow, etc.


Preferred Certifications:

  • CEH
  • eMAPT
  • eWPTXv2


Bonus Points For:

  • Knowledge of mobile CI/CD security pipelines
  • Familiarity with banking/fintech security standards (RBI, PCI DSS, etc.)
  • Experience in effort estimation and VAPT project planning