Mobile Tester III

TITLE: Sr. Penetration Tester (Android)
WHO we're looking for:
We are looking for a Sr. Penetration Tester (Android) who will be responsible for working as part of the Development Quality Innovation (DQI) lab in a dual role. First, to research new automation tools as well as take current tools and refine them to our needs. Second, act as a centralized QI group to provide quality assessment and penetration testing operations.
This duality provides a unique opportunity to explore new concepts in different technologies and perform original research in the quality and security domain.
Role and Responsibilities:

• Develop expertise in our product solutions, deep diving into design/architecture, & execute white box and black box penetration scenarios.

• Plan, scope and conduct vulnerability assessment/ Penetration test on internal / external facing public assets such as Web application, Android platform, Android Apps, Backend APIs, and Cloud services.

• Research & and conduct adversary simulation for known security threats and identify Client attack vectors to test a system's relative security readiness.

• Conduct Threat modelling, Threat Intelligence and scoping with stakeholders.

• ssist in creating and maintaining internal penetration testing and practice within QA team, managing vulnerabilities and tracking until closure.

• Build Test harness & required Automation suites and validate attack vectors in Threat Lab.

• Co-ordinate with program management, security architects at Internal & offshore sites.

• Stays up to date on current tools, technologies, and vulnerabilities to incorporate into testing practices.

• Research and developing exploits for zero-day vulnerabilities.

• Conduct penetration test on IOT and Firmware Devices.

Necessary Skills and Attributes:

• Self-motivated individual with the ability to thrive in a team-based or independent environment.

• Detail-oriented with strong organization skills.

• bility to work in a fast-paced environment.

• Limited supervision and the exercise of discretion.

• Blog post on security research, CVEs, walkthroughs or PoCs on security domain is a plus.