Sr. Android Application Security Analyst

Delhi/Mumbai | Experience: 3 to 7 years

Core Responsibilities

  • The primary responsibility is to perform Vulnerability Assessment & Penetration Testing and Source Code Review of Android applications, write reports of the assessments, present findings to various stakeholders, and support clients in patching the identified vulnerabilities
  • Perform Android Application Vulnerability Assessment & Penetration Testing
  • Perform Source Code Review of Android Applications
  • Write in-house tools, extenders and automated scripts
  • Create / Enhance methodology and process documents
  • Present identified security issues to the stakeholders
  • Contribute to internal Research & Development initiatives

Experience and Qualifications

  • M.Tech or B.Tech / B.E. / BCA in Computer Science or Information Technology
  • Hands-on experience of security assessment of Android applications.
  • Good understanding of Java development.
  • Good understanding of secure code review of Android applications.
  • Hands-on experience of security assessment of Web applications/API security.
  • Experience working with tools for runtime analysis of Android applications: FRIDA, Xposed Framework, Objection, MobSF, Inspeckage etc.
  • Knowledge of Linux operating system
  • Good knowledge of any one scripting language (Python, Shell Script, JS etc.) for automation of security test cases.
  • Good understanding of Burp Suite
  • Basic understanding of tools like HP Fortify, IBM AppScan, Acunetix etc.
  • Any two of the additional skills are mandatory
  • Team Management
  • Good understanding of Android development.
  • Experience working with native as well as hybrid application development methodologies.
  • Basic understanding of Kotlin.
  • Good understanding of network security assessment.
  • Hands-on experience of building Burp extenders.
  • Security certifications like OSCP, OSCE, CRT, SLAE would be a plus.
  • Reverse engineering native code using tools such as IDA Pro, Hex-Rays, OllyDbg etc.
  • Security analysis of applications built on hybrid technology such as Xamarin, Apache Cordova, Worklight, Ionic framework etc.