* Strong hands-on experience performing compliance testing of mobile applications that meet certain Technology Security Standardsand regulatory/industries requirements, eg MAS TRM, OWASP MSTG
* In-depth knowledge of iOS/android architecture, including their underlying security mechanisms
* Experienced with performing secure code review of Swift / Kotlin/Objective-C and Java applications.
* Proficient with various reverse engineering tools such as IDA Pro, Ghidra, as well as Frida.re hooking framework or equivalent
* Knowledge of RM architectures (armeabi-v7a, arm64-v8a, etc) an advantage.
* Experience analyzing and bypassing various security mechanisms commonly present in mobile applications (SSL pinning,root/jailbreak detection, anti [tampering, in-app VPN, etc).
* Ability to develop BURP extensions to aid with mobile and web application tests.
* Solid experience conducting Web Application Penetration tests following industry standards methodologies.
* Ability to conduct comprehensive source code reviews across multiple languages (mobile, web, backend).
* Web & Infrastructure Security Testing
Qualifications & Skills
* Bachelor’s degree in Computer Science, Information Security, or related discipline.
* Minimum 2 years of hands-on penetration testing or relevant offensive security experience
* CREST CRT certification mandatory.
* Additional certifications such as OSCP, OSCE, OSEE, OSWE, Red Teaming, Cloud Security, Artificial Intelligence securitycredentials are advantageous.
* Excellent oral and written communication skills, including the ability to present technical findings.
* Strong organizational and time management skills; able to manage multiple engagements and meet tight deadlines.
* Self-motivated, proactive and able to work independently or as part of a team