Penetration Tester

Job description:

• Perform full-scope red team assessments targeting application frontends, APIs, and mobile backends using advanced offensive techniques.
• Conduct deep-dive Android and iOS mobile app pentesting, including dynamic analysis, reverse engineering, and mobile API abuse.
• Simulate sophisticated attacker behaviour to test and bypass authentication, authorization, encryption, and session management controls.
• Execute manual and chained exploitations across mobile apps (Android/iOS), APIs (REST/GraphQL), and web apps using OWASP Top 10, API Security Top 10, and MASVS guidelines.
• Develop custom scripts, payloads, and exploits to bypass WAFs, EDRs, and behavioural analytics tools.
• Exploit application logic flaws, insecure data storage, reverse engineering, and mobile API abuse scenarios.
• Perform system penetration testing on various platforms including Windows, Linux, and network devices.
• Collaborate with threat intel and detection teams to emulate threat actor TTPs mapped to MITRE ATT&CK (Enterprise & Mobile).
• Provide detailed reporting with kill chains, PoCs, and mitigation strategies after each red team engagement.
• Simulate advanced persistent threats (APTs) and other sophisticated attack scenarios.
• Maintain offensive tooling and environments for mobile app and API security assessments
• Experience with OWASP Testing Guide v3 / 4 and OWASP TOP 10.
• Knowledge of securing APIs & experience in Web & Mobile applications, micro-services, and common vulnerabilities.
• Understanding compliance standards such as PCI-DSS, GDPR, ISO27001 in context with mobile, web app, infra and api security.
• Strong programming or scripting skills for analysing and exploiting vulnerabilities.
• Demonstrate written and verbal communication skills, as well as the ability to work with multiple teams and stakeholders.
• Familiarity with Jira and Confluence or any similar tools.
• Candidates must hold at least one of the following recognized security certifications: CEH, eMAPT, OSCP, eWPT.

Common responsibilities:

• Comply to Avrioc’s Information security and Information service management policies, procedures, and standards.
• Maintain confidentiality and integrity of information and attend mandatory Information security trainings.
• Report information security incidents through Avrioc’s established incident reporting channel.