Himalayas logo
ZimperiumZI

Mobile Application Penetration Tester (iOS & Android)

Zimperium is a global leader in mobile security, providing AI-driven, real-time, on-device protection against known and unknown mobile threats for applications and devices.

Zimperium

Employee count: 201-500

India only
Zimperium® is an industry leader in enterprise mobile security, being the first and only company to provide a complete mobile threat defense system that offers real-time, on device world-class protection against both known and unknown next generation of advanced mobile cyberattacks and malware.
Our MTD and award-winning machine learning-based engine protects against device, network, phishing and application attacks for IOS, Android and Windows devices, using a non-intrusive approach to always protect privacy of users.
As part of our fast-growing pace, we are currently looking for an experienced Mobile Application Penetration Tester with deep expertise in security assessments of iOS and Android applications. The role requires advanced skills in runtime analysis, exploit development, and Red Team methodologies. You will be responsible for simulating real-world adversarial attacks, uncovering critical vulnerabilities, and working closely with stakeholders to strengthen the security posture of mobile ecosystems.

Key Responsibilities:

  • Conduct end-to-end penetration testing of iOS and Android mobile applications, including static, dynamic, and runtime analysis.
  • Assess mobile API integrations, authentication mechanisms, encryption protocols, and data storage security.
  • Identify and exploit vulnerabilities such as insecure data storage, weak cryptography, insecure communication, jailbreak/root bypasses, insecure code practices, and business logic flaws.
  • Use runtime instrumentation frameworks (Frida, Objection, Xposed) for dynamic testing and bypassing protections.
  • Perform certificate pinning bypass, hooking, and traffic interception using advanced proxying techniques.
  • Evaluate and attempt evasion of mobile app protections such as root/jailbreak detection, code obfuscation, anti-debugging, and tamper protection.
  • Develop custom scripts/exploits (Python, Java, Swift, Kotlin, or C++) for advanced testing scenarios.
  • Produce comprehensive penetration test reports, including risk ratings, proof-of-concept exploits, and actionable remediation steps.
  • Work closely with development and research security teams to embed secure SDLC practices.
Contribute to Red Team exercises by simulating adversarial attacks against mobile endpoints.

Required Skills & Experience:

  • 5+ years of experience in penetration testing, with at least 3 years focused on iOS and Android mobile applications.
Strong knowledge of OWASP Mobile Top 10, and NIST mobile security guidelines.
  • Expertise in:
Static & Reverse Engineering: Apktool, JADX, Ghidra, Hopper, IDA Pro, Radare2, JD-GUI.
Dynamic & Runtime Testing: Frida, Objection, Cycript, LLDB, Xposed.
Automation/Frameworks: MobSF, Drozer, Appium (for automation-assisted testing).
Proxying & Interception: Burp Suite Pro, OWASP ZAP, MITM tools
  • Solid understanding of mobile OS internals (Android security model, iOS security architecture, Keychain, Secure Enclave, sandboxing).
  • Hands-on experience with jailbroken iOS and rooted Android devices for advanced exploitation.
Familiarity with cryptography, secure communications (TLS, cert pinning), and secure data storage techniques.
  • Ability to think like an attacker and perform creative exploitation beyond automated tool findings.

Preferred Certifications:

OSCP / OSEP / OSED (Offensive Security)
OSWE / OSMR (Offensive Security Web & Mobile certs)
EWPTX / EWAPT (eLearnSecurity)
CRTP / CRTE (Red Team certs)
CEH / CAP / API Security Testing (good to have, but not mandatory if strong hands-on skills)
Zimperium, Inc. is a global leader in mobile device and app security, offering real-time, on-device protection against both known and unknown threats on Android, iOS and Chromebook endpoints. The company was founded under the premise that the then current state of mobile security was insufficient to solve the growing mobile security problem. At the time, most mobile security was a port from traditional endpoint security technologies.Zimperium recognized mobile devices had unique characteristics needing a completely new approach. The team set to work to reimagine how to protect mobile devices and developed the award winning, patented z9 machine learning-based engine.
Zimperium is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.

About the job

Apply before

Posted on

Job type

Full Time

Experience level

Mid-level

Location requirements

India

Hiring timezones

India +/- 0 hours

Job categories

Quality EngineeringEngineeringPenetration TesterSenior Penetration TesterLead Penetration TesterStaff Penetration TesterPenetration Testing Team LeadApplication Security Engineer

Skills

Security TestingStatic AnalysisDynamic AnalysisFridaObjectionCycriptAPKToolGhidraIDA ProJavaKotlinAppiumiOSWindowsZAPBurp suitePort

About Zimperium

Learn more about Zimperium and their company culture.

View company profile

At the heart of Zimperium lies a steadfast mission: to secure what matters in an increasingly mobile-centric world. As a global leader in mobile security, Zimperium is dedicated to protecting enterprises and governments from the ever-evolving landscape of advanced mobile threats. The company's culture is built upon a foundation of core values: to innovate fearlessly, serve with integrity, and consistently 'wow' their customers. This commitment drives their proactive approach to cybersecurity, empowering organizations to operate with confidence and security in today's dynamic digital environment. Zimperium provides unparalleled protection for mobile devices that access corporate data and secures the mobile applications essential to both customer-facing and internal enterprise operations. Their technology empowers enterprises around the globe to fortify their mobile environments and applications without depending on cloud-based detection or suffering delays from updates, ensuring that both mobile devices and applications remain secure and resilient against emerging threats.

Zimperium's innovative spirit is embodied in its pioneering z9™ machine learning engine, which offers real-time, on-device protection against a wide array of mobile threats, including device compromises, network attacks, phishing attempts, and malicious applications. This AI-driven, autonomous security is purpose-built for mobile environments, enabling Zimperium to counter sophisticated attacks, including zero-day threats. The company's comprehensive solutions, such as the Zimperium Mobile Threat Defense (MTD) and the Mobile Application Protection Suite (MAPS), provide a unified platform for securing everything from mobile endpoints to applications throughout their entire lifecycle. Zimperium's dedication to staying ahead of cybercriminals who employ mobile-first attack strategies is unwavering, as they continuously strive to deliver proactive and unmatched protection for the mobile apps that run businesses and the mobile devices relied upon by employees worldwide. This focus on innovation and comprehensive security has established Zimperium as a trusted partner for organizations seeking to navigate the complexities of mobile security with assurance.

Employee benefits

Learn about the employee benefits and perks provided at Zimperium.

View benefits

Competitive Pay

Zimperium offers a competitive salary.

Healthcare

Healthcare benefits are provided to employees.

Career Development

Opportunities for career development are offered.

Flexible Working Hours

Zimperium offers flexible working arrangements and flex hours.

View Zimperium's employee benefits
Claim this profileZimperium logoZI

Zimperium

Company size

201-500 employees

Founded in

2010

Chief executive officer

Shridhar Mittal

Markets

Application SecurityZero Trust SecurityCybersecurityMobile SecurityEnterprise SecurityGovernment TechnologyMachine LearningArtificial IntelligenceEndpoint ProtectionThreat Detection and Response

Employees live in

United States
View company profile

Similar remote jobs

Here are other jobs you might want to apply for.

View all remote jobs

9 remote jobs at Zimperium

Explore the variety of open remote roles at Zimperium, offering flexible work options across multiple disciplines and skill levels.

View all jobs at Zimperium
Top remote companies

Remote companies like Zimperium

Find your next opportunity by exploring profiles of companies that are similar to Zimperium. Compare culture, benefits, and job openings on Himalayas.

View all companies

Find your dream job

Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan
Save
Apply now