Back to search
TalaKunchi Networks Pvt Ltd Linkedin · Posted 4mo ago

Mobile Appsec - SME

India

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Key Responsibilities

  • Perform security testing of Android and iOS mobile applications used in digital payment ecosystems
  • Conduct manual and automated mobile security testing aligned with:
  • OWASP Mobile Top 10
  • OWASP MASVS & MSTG
  • Identify vulnerabilities related to:
  • Insecure data storage
  • Weak cryptography
  • Insecure communication
  • Authentication & authorization flaws
  • Business logic issues in payment flows
  • Perform runtime instrumentation and dynamic analysis using:
  • Frida, Objection, Xposed
  • Reverse engineer mobile applications using:
  • APKTool, JADX (Android)
  • Basic iOS reverse engineering tools (class-dump, Hopper, Ghidra)
  • Intercept and analyze mobile traffic using:
  • Burp Suite (Mobile Assistant preferred)
  • mitmproxy / Charles Proxy
  • Test mobile backend APIs supporting payment workflows using:
  • Burp Suite, Postman
  • Validate security of payment features, including:
  • UPI, wallets, cards, tokenization
  • OTP, MFA, session management
  • Prepare high-quality vulnerability reports with:
  • Risk assessment
  • Proof of Concept (PoC)
  • Clear remediation guidance
  • Support retesting and vulnerability closure
  • Work closely with development and product teams to explain findings and fixes

R&D Mindset & Innovation (Mandatory)

  • Strong research-driven mindset to explore vulnerabilities beyond standard checklists
  • Ability to research and validate new attack vectors in mobile and FinTech environments
  • Regularly analyze:
  • New Android/iOS versions and security changes
  • Advanced bypass techniques (SSL pinning, root/jailbreak detection)
  • Develop custom test cases for complex payment and business logic scenarios
  • Contribute to:
  • Internal tools, scripts, and testing methodologies
  • Knowledge sharing and security best practices
  • Ability to independently validate false positives and negatives

Scripting & Automation Skills (Mandatory)

  • Hands-on scripting experience in one or more of the following:
  • Python – automation, PoC development, API testing
  • JavaScript – Frida hooks and runtime manipulation
  • Bash – automation and tooling
  • Ability to:
  • Write and modify custom Frida scripts
  • Automate repetitive testing and analysis tasks
  • Customize open-source tools for specific app behaviors
  • Strong understanding of secure coding flaws through runtime and code-level analysis

Mandatory Skills & Experience

  • 3–4 years of experience in mobile application security testing
  • Strong understanding of Android and iOS security architectures
  • Hands-on experience with:
  • MobSF, AndroBugs, QARK
  • Frida, Objection
  • Burp Suite
  • Experience testing BFSI / FinTech / Digital Payment applications
  • Strong knowledge of:
  • OWASP Mobile Top 10
  • OWASP API Top 10 (supporting APIs)

Good to Have

  • Exposure to PCI-DSS, RBI, or CERT-In security requirements
  • Experience with CI/CD integration for mobile security testing
  • Basic understanding of cloud and backend security supporting mobile apps
  • iOS security testing experience is a strong plus
Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent