Cyber Security Specialist – Application Security (AppSec)

About the role

We are looking for a hands‑on Application Security expert to own security delivery within fixed‑price SDLC projects. You will be directly responsible for ensuring that mobile applications are shipped securely, not just documented.

Key responsibilities

• Perform security assessments of Android and iOS applications, including reverse engineering of APK/IPA files.
• Identify hard‑coded secrets, insecure storage, and exposed components through static and dynamic analysis.
• Test runtime protections such as SSL pinning, root/jailbreak detection, and validate OAuth, token handling, and local storage security.
• Conduct practical threat modeling and validate vulnerabilities with tools like Burp Suite and ZAP.
• Implement and tune SAST, DAST, SCA, API and container security scanning in CI/CD pipelines.
• Work closely with developers to remediate platform‑specific vulnerabilities and embed security gates in the delivery process.
• Operate within fixed‑price constraints, balancing security, timeline, and budget while taking ownership of outcomes.

Required profile

• Bachelor’s degree in Cybersecurity or a related field.
• 7+ years of experience in Cyber Security with a strong focus on Application Security.
• Hands‑on offensive or AppSec certifications (e.g., OSCP, GWAPT, eWPT).
• Proven experience in Secure SDLC and fixing vulnerabilities in code or pipelines.
• Ability to make security vs. delivery trade‑offs and act as a technical peer to developers.

Required skills

• Android and iOS mobile app security
• APK/IPA reverse engineering, static and dynamic analysis
• Frida, Objection, Burp Suite, OWASP MASVS, ZAP
• SSL pinning, root/jailbreak detection, OAuth, token handling
• SAST, DAST, SCA, API security scanning, container security scanning
• CI/CD security gates, threat modeling
• Cloud platforms (AWS, Azure, GCP) – nice to have
• Kubernetes / container security – nice to have