Security Consultant (Penetration Testing)

Security Consultant

Core Responsibilities & Technical Requirements

• Strong hands-on experience performing compliance testing of mobile applications that meet certain Technology Security Standards and regulatory/industries requirements, eg MAS TRM, OWASP MSTG

• In-depth knowledge of iOS/android architecture, including their underlying security mechanisms • Experienced with performing secure code review of Swift / Kotlin/Objective-C and Java applications.

• Proficient with various reverse engineering tools such as IDA Pro, Ghidra, as well as Frida.re hooking framework or equivalent.

• Knowledge of RM architectures (armeabi-v7a, arm64-v8a, etc) an advantage.

• Experience analyzing and bypassing various security mechanisms commonly present in mobile applications (SSL pinning, root/jailbreak detection, anti [tampering, in-app VPN, etc).

• Ability to develop BURP extensions to aid with mobile and web application tests.

• Solid experience conducting Web Application Penetration tests following industry standards methodologies.

• Ability to conduct comprehensive source code reviews across multiple languages (mobile, web, backend).

• Web & Infrastructure Security Testing

Qualifications & Skills

• Bachelor's degree in Computer Science, Information Security, or related discipline.

• Minimum 2 years of hands-on penetration testing or relevant offensive security experience. .

• CREST CRT certification mandatory.

• Additional certifications such as OSCP, OSCE, OSEE, OSWE, Red Teaming, Cloud Security, Artificial Intelligence security credentials are advantageous.

• Excellent oral and written communication skills, including the ability to present technical findings. • Strong organizational and time management skills; able to manage multiple engagements and meet tight deadlines.

• Self-motivated, proactive and able to work independently or as part of a team.