Sr. Penetration Tester (Android)/Mobile Tester

The client is looking for a Sr. Penetration Tester (Android) who will be responsible for working in a dual role as part of their Development Quality Innovation (DQI) lab. First, to research new automation tools as well as take current tools and refine them to our needs. Second, act as a centralized QI group to provide quality assessment and penetration testing operations.

This duality provides a unique opportunity to explore new concepts in different technologies and perform original research in the quality and security domain.

**No C2C resumes are considered**

• Develop expertise in our product solutions, deep dive into design/architecture, & execute white box and black box penetration scenarios.
• Plan, scope, and conduct vulnerability assessment/ Penetration tests on internal/external facing public assets such as Web applications, Android platforms, Android Apps, Backend APIs, and Cloud services.
• Research & and conduct adversary simulation for known security threats and identify novel attack vectors to test a system’s relative security readiness.
• Conduct Threat modeling, Threat Intelligence, and scoping with stakeholders.
• Assist in creating and maintaining internal penetration testing and practice within the QA team, managing vulnerabilities, and tracking until closure.
• Build a Test harness & required Automation suites and validate attack vectors in Threat Lab.
• Coordinate with program management and security architects at Internal & offshore sites.
• Stays up to date on current tools, technologies, and vulnerabilities to incorporate into testing practices.
• Research and development of exploits for zero-day vulnerabilities.
• Conduct penetration tests on IOT and firmware devices.

• 5+ years’ experience in Penetration testing, including 3+ years experience in Android and 1+ years experience in Web Applications.
• Education: A Master's or Bachelor's degree in computers or related fields is required.
• Android pen testing is a must to have (Pen testing with any type of Android device).
• Experience with identifying high-critical vulnerabilities is also a must-have requirement.
• The team will also focus/consider on the number of vulnerabilities found throughout your career.
• Web penetration testing on Android devices is also considered.
• Good knowledge of Java, Python, and any relevant programming language (understanding how the code functions is highly required).
• Certifications in offensive security: OSCP or OSWA or OSWE or CRTO or BSCP or similar is a plus.
• Comprehensive knowledge of Information Security practices on malware, phishing attacks, attack vectors, and methods to protect against threats.
• Self-motivated individual with the ability to thrive in a team-based or independent environment.
• Detail-oriented with strong organizational skills.
• Ability to work in a fast-paced environment.
• Limited supervision and the exercise of discretion.
• Malware development or reverse engineering experience is a plus.
• A degree in Cyber Security or Security relevant disciplines is a plus.
• Blog posts on security research, CVEs, walkthroughs, or PoCs in the security domain are a plus.

Thank you!

FocusKPI Hiring Team

Founded in 2010, FocusKPI, Inc. (FocusKPI) is a data science and technology firm specializing in predictive analytics practice and methodologies. FocusKPI is a US company headquartered in Silicon Valley, California, with an East Coast office in Boston, Massachusetts.

NOTICE: Please be aware of fraudulent emails regarding job postings, job offers and fake checks. FocusKPI's recruiting team will strictly reach out via @focuskpi.com email domain. If you have received fraudulent emails now or in the past, please report it to https://reportfraud.ftc.gov/ .
The domain @focuskpijobs.com is fraudulent and not related to FocusKPI. Please do not not reply or communicate to anyone with @focuskpijobs.com.