Senior Application Security Analyst (Pentester)

Remote
Full Time
Experienced

Join Our Mission: To Save the World from Unsafe Mobile Apps! NowSecure is the mobile app security software company trusted by the world’s most demanding organizations and most advanced security teams. As the standards-based mobile app risk management company, NowSecure protects the Mobile App Economy. The world’s most demanding organizations, innovative mobile developers and advanced security, privacy, safety and compliance teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers continuous security and compliance with the depth, speed, accuracy, and efficiency to meet modern business demands. Dedicated to the open-source community and standards including OWASP and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Deloitte, Gartner and TAG Cyber. www.nowsecure.com

YOUR OPPORTUNITY

We’re looking for a Senior Application Security Analyst — a hands-on pentester who thrives on technical challenges, thinks creatively under pressure, and has an insatiable curiosity for how things work (and how they break).

If you’re the kind of person who spins up a quick Python script to automate a test, roots a phone just to see what’s inside, or finds joy in reverse engineering an app at 2 AM — you’ll fit right in.

In this role, you’ll hunt vulnerabilities, dissect mobile apps and APIs, and collaborate with a team of world-class testers who live and breathe offensive security. You’ll also help evolve our methodologies, develop new tooling, and contribute to NowSecure’s cutting-edge research across mobile, web, and connected systems.

WHAT YOU’LL DO

  • Perform hands-on penetration testing of mobile apps (iOS/Android), APIs, web apps and connected ecosystems (IoT, automotive, medical, wearable).
  • Conduct vulnerability assessments and reverse engineering using tools like Burp Suite, Frida, mitmproxy, Ghidra, Radare2, IDA, or custom scripts.
  • Create clear, actionable technical reports that communicate findings and remediation guidance to both developers and security teams.
  • Act as a trusted advisor to customers, helping them make informed, risk-based decisions about their mobile and app security posture.
  • Build or adapt custom scripts, fuzzers, or automation tools to make testing faster, smarter, and more reliable.
  • Collaborate with teammates to refine methodologies, share research, and continuously push the boundaries of mobile and web security testing.
  • Tackle complex problems with creativity; when something doesn’t work, figure out another way. “Scrappy” is a skill set here, not a slogan.

WHO YOU ARE 

You’re a technical problem-solver who thrives on exploration and experimentation. You’re comfortable diving into unfamiliar codebases, debugging network traffic, and learning new tools on the fly. You’re not a button pusher; you’re the kind of tester who asks why something works (or doesn’t) and can pivot quickly when the usual tools fall short. You can translate technical detail into clear communication and enjoy mentoring or collaborating with others. You take ownership, seek out challenges, and are never satisfied with “good enough.”

REQUIREMENTS (You must have … ) 

  • Bachelor’s degree in a technical field or 6–8 years of equivalent security experience.
  • 2+ years of experience in penetration testing or vulnerability assessment of mobile, web, or IoT apps/devices.
  • Deep understanding of OWASP MASVS / MASTG and app security fundamentals.
  • Strong experience with intercepting and analyzing traffic using tools like Burp Suite, mitmproxy, ZAP, Charles, or Fiddler.
  • Proficiency in mobile device rooting/jailbreaking and familiarity with iOS and Android internals, or equivalent hands-on experience in web application penetration testing or firmware reverse engineering.
  • Strong scripting or development experience (e.g., Python, Java, JavaScript, Ruby, or PowerShell).
  • Solid grasp of network and web fundamentals — TCP/UDP, HTTP requests, headers, cookies, APIs, and authentication flows.
  • Excellent technical writing and documentation skills.
  • Comfort working with Linux, Windows, and macOS environments.
  • A self-starter mindset - able to work independently, manage multiple projects, and find creative solutions to tough problems.
  • A demonstrated drive to learn, experiment, and stay on the cutting edge of mobile and appsec trends.

DESIRED SKILLS (Stand out from the crowd…)

  • Familiarity with DAST/SAST tools, mobile instrumentation (e.g., Frida), and dynamic analysis.
  • Professional services or consulting experience.
  • Prior security research or exploit development experience.
  • Knowledge of system/network security, authentication, and applied cryptography.
  • Familiarity with Frida, Binary Ninja, Radare2, or IDA Pro.
  • Experience testing in AWS, Azure, or GCP environments.
  • Contributions to open-source security projects or published research.
  • Past public speaking experience (conferences, podcasts, etc.).
  • One or more active certifications such as:
    • Infosec Certified Mobile and Web Application Penetration Tester (CMWAPT)
    • Offensive Security Web Expert (OSWE)
    • Offensive Security Certified Professional (OSCP)
    • GIAC Certified Penetration Tester (GPEN)
    • GIAC Certified Web Application Defender (GWEB)
    • GIAC Web Application Penetration Tester (GWAPT)
    • INE Web Application Penetration Tester eXtreme (eWPTX)
    • GIAC Mobile Device Security Analyst (GMOB)
    • 8kSec Certified Mobile Security Engineer (CMSE)
    • INE Mobile Application Penetration Tester (eMAPT)
    • TCM-SEC Mobile Application Penetration Testing

BONUS POINTS (You have our attention…)

  • Experience with LTE / GSM protocols or 5G network analysis.
  • Prior experience using NowSecure tools.
  • Master’s degree in Computer Science, Cybersecurity, or related field.

WE VALUE DIVERSITY

We believe that the best ideas come from teams where diverse points of view uncover new solutions to hard problems. We welcome and value team members who bring diverse life experiences, educational backgrounds, cultures, and work experiences.

COMPENSATION & BENEFITS

  • The salary band for this position is competitive and commensurate with experience and performance. This position will be eligible for a competitive annual bonus and equity package.
  • Comprehensive Medical/Dental/Vision coverage 
  • 401K Plan + Company Match 
  • Remote work flexibility 
  • Home Office Stipend 
  • Paid Parental Leave 
  • Flexible PTO