Job Description

Sr. Android Penetration Tester

Job Description:

The Development Quality Innovation (DQI) lab in Mountain View has a dual role: first, to research new automation tools as well as take current tools and refine them to our needs; second, to act as a centralized QI group to provide quality assessment and penetration testing operations.

This duality provides a unique opportunity to explore new concepts in different technologies and perform original research in quality and security domains.

Responsibilities:

• Develop expertise in our product solutions, deep diving into design/architecture, and executing white box and black box penetration scenarios.
• Plan, scope, and conduct vulnerability assessments/penetration tests on internal/external-facing public assets such as web applications, Android platforms, Android apps, backend APIs, and cloud services.
• Research and conduct adversary simulations for known security threats and identify novel attack vectors to test a system’s relative security readiness.
• Conduct threat modeling, threat intelligence, and scoping with stakeholders.
• Assist in creating and maintaining internal penetration testing and practice within the QA team, managing vulnerabilities, and tracking until closure.
• Build test harnesses and required automation suites and validate attack vectors in the Threat Lab.
• Coordinate with program management and security architects at internal and offshore sites.
• Stay up to date on current tools, technologies, and vulnerabilities to incorporate into testing practices.
• Research and develop exploits for zero-day vulnerabilities.
• Conduct penetration testing on IoT and firmware devices.

Qualifications:

• 5+ years of experience in penetration testing, including 2+ years of experience in Android and 1+ year of experience in web application testing.
• Comprehensive knowledge of information security practices, including malware, phishing attacks, attack vectors, and methods to protect against threats.
• Extensive knowledge of Java, Python, or any relevant programming language.
• A degree in cybersecurity or security-relevant disciplines is a plus.

Nice to Have:

• Certifications in offensive security (e.g., OSCP, OSWA, OSWE, CRTO, BSCP, or similar).
• Blog posts on security research, CVEs, walkthroughs, or PoCs in the security domain.
• Malware development or reverse engineering experience.

Type: Contract

Duration: 12 months to start

Schedule: Onsite (5 days/week)

Pay Rate: $60 - $80/hr.

Job Tags

Similar Jobs