Conduct comprehensive vulnerability assessments on web, mobile applications to identify security weaknesses, misconfigurations, and potential threats.
Use industry-standard tools and methodologies to scan and assess mobile app code, configurations, and network communication for vulnerabilities.
Penetration Testing:
Perform penetration testing on web, mobile environments to exploit vulnerabilities and evaluate the effectiveness of security controls.
Simulate real-world cyber-physical attacks on networks and devices, identifying vulnerabilities that could be exploited by threat actors targeting industrial systems.
Mobile App Testing:
Conduct in-depth testing of mobile applications on various platforms (iOS, Android) for security flaws including weak authentication, insecure protocols (e.g., Modbus, DNP3), and insecure firmware or configurations.
Reporting and Documentation:
Document and report security findings, including vulnerabilities, risks, and recommended remediation steps across web, mobile infrastructure.
Provide clear and concise reports to both technical and non-technical stakeholders.
Collaboration:
Collaborate with cross-functional teams to address and remediate identified vulnerabilities.
Act as a subject matter expert in mobile, providing guidance and risk mitigation strategies for critical systems and applications.
Security Best Practices:
Stay up to date with the latest threats, vulnerabilities, and industry best practices related to web, mobile.
Recommend and implement security improvements and measures to enhance the overall security posture of mobile applications and OT environments.
Compliance and Regulations:
Ensure compliance with industry standards and regulations such as OWASP Top Ten, SANS Top 25, IEC 62443, NIST SP 800-82.
Qualifications
5+ years of experience in vulnerability assessment and penetration testing, with a focus on mobile applications.
Familiarity with mobile app development frameworks and programming languages (e.g., Java, Kotlin, Swift, React Native).
Proficiency in using VAPT tools and methodologies (e.g., Burp Suite, OWASP ZAP, Nmap, Shodan, Metasploit Framework).
Security certifications such as CEH, CISSP, or equivalent (preferred).
Excellent communication skills and the ability to convey technical findings to non-technical stakeholders.
Strong problem-solving and analytical skills.
Ability to work independently and as part of a team.
