Senior Associate Cybersecurity Mid-Level Penetration Tester Web and Mobile Application

Job Location: Washington - USA

Monthly Salary: Not Disclosed

Vacancy: 1 Vacancy

Job Description

Ankura is a team of excellence founded on innovation and growth.

Practice Overview:

We are seeking a Mid-Level Penetration Tester with a focus on Web, API, and Mobile Application security assessments to join our consulting team. This role requires not only hands-on penetration testing skills but also the ability to engage with clients, provide security advisory services, and offer remediation guidance. The ideal candidate will possess strong technical expertise and consulting skills to effectively communicate risks and solutions to both technical and non-technical stakeholders. Occasionally, the role may involve network and wireless penetration testing and social engineering.

This role is remote, based in the United States.

Responsibilities:

Technical (75%)

  • Conduct manual and automated penetration tests on web applications, APIs (REST, GraphQL, SOAP), and mobile applications (Android/iOS).

  • Perform black-box, gray-box, and white-box assessments to identify and exploit security weaknesses.

  • Utilize industry-standard tools such as Burp Suite Pro, Postman, OWASP ZAP, MobSF, APKTool, Frida, Objection, and related tools.

  • Perform source code reviews to identify security flaws in web and mobile applications.

  • Develop and execute API security testing strategies, including authentication/authorization testing, token manipulation, and business logic testing.

  • Assess mobile app security through reverse engineering, static analysis, dynamic analysis, and runtime instrumentation.

  • Stay current with emerging vulnerabilities, attack vectors, and security best practices (e.g., OWASP Top 10, API Security Top 10, MASVS).

  • Occasionally conduct network and wireless penetration testing to identify vulnerabilities in these areas.

Consulting & Client Engagement (25%)

  • Effectively communicate findings, risk impact, and remediation strategies to clients, including both technical and executive-level audiences.

  • Develop and deliver technical reports, presentations, and remediation guidance tailored to clients' business needs.

  • Collaborate with development teams, security engineers, and DevOps teams to implement secure coding practices.

  • Conduct security training, tabletop exercises, and security awareness sessions for clients.

  • Participate in client scoping calls, proposal writing, and pre-engagement discussions.

  • Support security strategy, compliance efforts (PCI DSS, HIPAA, ISO 27001, etc.), and security roadmap development.

Requirements:

  • 3-5 years of experience in penetration testing, focusing on web applications, APIs, and mobile apps.

  • Proficiency with tools such as Burp Suite Pro, Postman, OWASP ZAP, MobSF, APKTool, Frida, Objection, and related tools.

  • Strong understanding of OWASP Top 10 (Web, API, Mobile) and other security frameworks.

  • Experience testing authentication mechanisms, including OAuth, JWT, SAML, and API key-based authentication.

  • Familiarity with GraphQL security testing and API fuzzing techniques.

  • Experience in mobile app security testing, including SSL pinning bypass, root/jailbreak detection bypass, and dynamic analysis.

  • Strong written and verbal communication skills for client reporting and presentations.

  • Ability to translate technical risks into business impact for clients.

  • Willingness to travel up to 25% for client meetings, assessments, and industry conferences.

  • Ability and willingness to perform network and wireless penetration testing and social engineering when required.

  • Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future.

Preferred Qualifications:

  • Industry certifications such as OSCP, GWAPT, OSWE, OSEP, OSEE, GMOB, or OSCE3.

  • Familiarity with cloud security (AWS, Azure, GCP) and API security gateways.

  • Experience with secure SDLC, threat modeling, and DevSecOps integration.

  • Understanding of container security (Docker, Kubernetes).

  • Public speaking experience (e.g., conferences, webinars, client presentations).

  • Experience contributing to open-source security tools or bug bounty programs.

For individuals assigned and/or hired to work in California, Colorado, or New York, Ankura is required to include a reasonable estimate of the compensation range for this role. This compensation range is specific to the said markets and considers a broad range of factors, including but not limited to skill sets, experience and training, licensure and certifications, and other business and organizational needs. The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the position may be filled. The range does not include additional benefits outside of salary. At Ankura, it is not typical for an individual to be hired at or near the top of the range for their role, and compensation decisions are dependent on the facts and circumstances of each role. A reasonable estimate of the current base pay range is between $85,000 to $200,000; this range is not a promise of a particular wage.

Ankura is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against based on disability. Equal Employment Opportunity Posters. If you have a disability and believe you need a reasonable accommodation to search for a job opening, submit an online application, or participate in an interview/assessment, please email or call toll-free 1.. This email and phone number are created exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be returned. Messages left for other purposes, such as following up on an application or technical issues unrelated to a disability, will not receive a response.


Required Experience:

Manager

Employment Type

Full-Time
