Sr. Android Penetration Tester

Sr. Android Penetration TesterJob Description:A global device company is seeking a Sr. Security and Penetration Specialist to join their security research and testing team. This role will be responsible for penetration testing, vulnerability research, and adversary simulation to assess and improve the security of Android applications, backend APIs, cloud services, and web applications.This is a high-visibility, mission-critical role that involves working on real-world attack simulations, security assessments, and vulnerability tracking. The ideal candidate will be an expert in Android penetration testing, capable of conducting in-depth security research and collaborating cross-functionally with security engineers, program managers, and developers.Responsibilities:Design and execute penetration testing strategies for Android platforms, Android apps, backend APIs, web applications, and cloud services.Perform white-box and black-box penetration testing to identify and exploit vulnerabilities.Analyze and replicate real-world attack vectors to assess security risks.Conduct threat modeling reviews in collaboration with security engineers.Research and track vulnerabilities (CVEs), assessing their impact on internal systems.Monitor emerging threats and novel attack vectors related to Android security.Conduct adversary simulations based on recent security threats.Research and develop zero-day exploits for security testing purposes.Simulate real-world cyberattacks and provide remediation recommendations.Report security vulnerabilities to engineering teams and collaborate on remediation efforts.Engage in one-on-one discussions with engineers to explain security findings.Occasionally assist in team-wide security briefings or presentations (major presentations will be handled by other team members).Work closely with offshore security teams and program management to align security strategies.Required Skillset:5+ years of penetration testing experience, including 2+ years of Android penetration testing and 1+ year of web application penetration testing.Strong understanding of malware, phishing attacks, attack vectors, and security best practices.Experience in at least one programming language (Java or Python preferred).Knowledge of penetration testing tools, threat modeling, and security frameworks.Ability to conduct security research, CVE analysis, and adversary simulation.Strong communication skills to work cross-functionally with engineering and security teams.Experience working in corporate environments with internal penetration testing teams (preferred over agency-based consulting experience).Bachelor's degree in either Cybersecurity, Computer Science, Information Security, or related field.Bonus Skillset:Certifications in offensive security, such as OSCP, OSWA, OSWE, CRTO, BSCP, or similar.Published CVEs, blog posts, or walkthroughs on security research.Malware development and reverse engineering experience (highly preferred).Experience working in top security consulting firms or in-house red teams at major tech companies.Hands-on experience with firmware penetration testing and IoT security.Type: ContractDuration: 12+ monthsLocation: Mountain View, CA (Onsite - 5 days/week)Pay Rate Range: $62 - $80/hr

Created: 2025-02-19