Wipro
Mobile Pen Tester
Full‑time position in Minneapolis, MN.
Responsibilities
Perform mobile app penetration testing on Android and iOS applications, applying OWASP MASVS/MASTG guidelines and documenting coverage.
Conduct static and dynamic analysis using tools such as MobSF, JADX, Hopper, Ghidra, ClassyShark, Frida, Objection, and Xposed.
Bypass root/jailbreak detection, debugger checks, and anti‑tampering mechanisms; exploit vulnerabilities related to insecure data storage, communication, authentication/session management, platform usage, and code injection/runtime manipulation.
Use mobile device management (MDM) and platform‑specific security features (Android Keystore, iOS Keychain, ATS, biometric authentication) during testing.
Intercept SSL/TLS traffic and bypass certificate pinning with mitmproxy, Charles Proxy, and custom scripts.
Perform web and API penetration testing on modern web applications and APIs, applying OWASP Top 10, API Security Top 10, and SANS Top 25 knowledge.
Identify and exploit business logic flaws, access control issues, and chain exploits to demonstrate real‑world impact using Burp Suite, Postman/Insomnia, and custom scripts.
Write and maintain custom automation scripts (Python, PowerShell, Bash, Ruby, Go) to streamline testing workflows.
Leverage networking tools (Nmap, Metasploit, Kali Linux) to support security assessments.
Ensure customer centricity by providing appropriate cybersecurity guidance and monitoring log sources and security access.
Plan disaster recovery and respond to security incidents, including 24/7 L1 incident escalation.
Use advanced analytics tools to detect emerging threat patterns and conduct remedial attack analysis.
Coordinate with stakeholders, maintain risk registers, and assist with internal and external audits.
Develop and deliver cyber‑security awareness training and provide employee guidance on email threats.
Qualifications
5–8 years of hands‑on experience in mobile penetration testing and web/API security.
In‑depth knowledge of OWASP MASVS/MASTG, OWASP Top 10, API Security Top 10, and SANS Top 25.
Proficiency with static/dynamic analysis tools (MobSF, JADX, Hopper, Ghidra, ClassyShark, Frida, Objection, Xposed).
Strong scripting skills in Python, PowerShell, Bash, Ruby, or Go.
Experience with SSL/TLS interception, certificate pinning bypass, and anti‑tampering evasion.
Knowledge of mobile platform security (keystores, ATS, biometric authentication).
Familiarity with Nmap, Metasploit, Kali Linux, and custom automation.
Excellent understanding of authentication protocols (OAuth, SAML, JWT) and network fundamentals.
Compensation
$60,000 – $135,000 annually, commensurate with experience.
Benefits
Medical and dental coverage, disability insurance, paid time off (including sick leave), and additional leave options per company policy.
Equal Employment Opportunity
Wipro provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, veteran status, or sexual orientation. Veterans and people with disabilities are explicitly welcome.