Job Description

Key Responsibilities

  • Perform security testing of Android and iOS mobile applications used in digital payment ecosystems
  • Conduct manual and automated mobile security testing aligned with:
      • OWASP Mobile Top 10
      • OWASP MASVS & MSTG
  • Identify vulnerabilities related to:
      • Insecure data storage
      • Weak cryptography
      • Insecure communication
      • Authentication & authorization flaws
      • Business logic issues in payment flows
  • Perform runtime instrumentation and dynamic analysis using:
      • Frida, Objection, Xposed
  • Reverse engineer mobile applications using:
      • APKTool, JADX (Android)
      • Basic iOS reverse engineering tools (class-dump, Hopper, Ghidra)
  • Intercept and analyze mobile traffic using:
      • Burp Suite (Mobile Assistant preferred)
      • mitmproxy / Charles Proxy
  • Test mobile backend APIs supporting payment workflows using:
      • Burp Suite, Postman
  • Validate security of payment features, including:
      • UPI, wallets, cards, tokenization
      • OTP, MFA, session management
  • Prepare high-quality vulnerability reports with:
      • Risk assessment
      • Proof of Concept (PoC)
      • Clear remediation guidance
  • Support retesting and vulnerability closure
  • Work closely with development and product teams to explain findings and fixes

R&D Mindset & Innovation (Mandatory)

  • Strong research-driven mindset to explore vulnerabilities beyond standard checklists
  • Ability to research and validate new attack vectors in mobile and FinTech environments
  • Regularly analyze:
      • New Android/iOS versions and security changes
      • Advanced bypass techniques (SSL pinning, root/jailbreak detection)
  • Develop custom test cases for complex payment and business logic scenarios
  • Contribute to:
      • Internal tools, scripts, and testing methodologies
      • Knowledge sharing and security best practices
  • Ability to independently validate false positives and negatives

Scripting & Automation Skills (Mandatory)

  • Hands-on scripting experience in one or more of the following:
      • Python – automation, PoC development, API testing
      • JavaScript – Frida hooks and runtime manipulation
      • Bash – automation and tooling
  • Ability to:
      • Write and modify custom Frida scripts
      • Automate repetitive testing and analysis tasks
      • Customize open-source tools for specific app behaviors
  • Strong understanding of secure coding flaws through runtime and code-level analysis

Mandatory Skills & Experience

  • 3–4 years of experience in mobile application security testing
  • Strong understanding of Android and iOS security architectures
  • Hands-on experience with:
      • MobSF, AndroBugs, QARK
      • Frida, Objection
      • Burp Suite
  • Experience testing BFSI / FinTech / Digital Payment applications
  • Strong knowledge of:
      • OWASP Mobile Top 10
      • OWASP API Top 10 (supporting APIs)

Good to Have

  • Exposure to PCI-DSS, RBI, or CERT-In security requirements
  • Experience with CI/CD integration for mobile security testing
  • Basic understanding of cloud and backend security supporting mobile apps
  • iOS security testing experience is a strong plus


Job Details

Role Level: Mid-Level
Work Type: Full-Time
Country: India
City: Mumbai, Maharashtra
Company Website: https://www.talakunchi.com
Job Function: Information Technology (IT)
Company Industry/Sector: IT Services And IT Consulting Business Consulting And Services And IT System Custom Software Development

