Senior Application Security Analyst (Pentester)

Remote
Full Time
Experienced

Join Our Mission: To Save the World from Unsafe Mobile Apps! NowSecure is the mobile app security software company trusted by the world’s most demanding organizations and most advanced security teams. As the standards-based mobile app risk management company, NowSecure protects the Mobile App Economy. The world’s most demanding organizations, innovative mobile developers and advanced security, privacy, safety and compliance teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers continuous security and compliance with the depth, speed, accuracy, and efficiency to meet modern business demands. Dedicated to the open-source community and standards including OWASP and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Deloitte, Gartner and TAG Cyber. www.nowsecure.com

YOUR OPPORTUNITY

Looking to build your problem-solving and vulnerability hunting abilities? As an Application Security Analyst, you’ll have the opportunity to use your skills in mobile and web security, application pen testing, and networking protocols to support our public and private sector customers. Working on a team of penetration testing, vulnerability assessment, and risk management experts, you’ll perform web application pentests as well as reverse engineering and vulnerability analysis of both iOS and Android mobile applications, connected wearables, medical devices and cutting edge automotive technologies. Take part in partnerships with other industry leaders and make a meaningful contribution to the security research and testing community. You’ll even be able to leverage your security research prowess and join us in our 5G and baseband security laboratory! Are you ready to help us on our mission to save the world from unsafe mobile apps?

RESPONSIBILITIES

  • Perform regular vulnerability assessments, risk assessments, or penetration tests for NowSecure’s customers, including web and mobile applications, wearable devices, APIs, and IoT.
  • Create technically sound and actionable reports for customers that describe identified vulnerabilities and paths to mitigation.
  • Convey technical topics to a variety of audiences including developers and security teams, both internal and external to NowSecure.
  • Take the part of a trusted advisor and provide your opinion as a subject matter expert to help our customers navigate business decisions when it comes to risk.
  • Develop automation or tooling where necessary to introduce efficiencies into the testing process.
  • Demonstrate a resourceful and creative approach to solving technical and procedural problems and build creative solutions.
  • Work on a variety of projects, including short-term engagements and extended program work with long-term customers.

SKILLS AND EXPERIENCE NEEDED FOR SUCCESS

  • Bachelor's Degree and three years of work experience, or in lieu of a Bachelor's Degree, 6-8 years of related cyber security work experience will be accepted
  • 4+ years experience in penetration testing or vulnerability assessment of web, mobile, or IoT applications/devices 
  • Deep understanding of security fundamentals (OWASP MASVS, OWASP MSTG), common vulnerabilities, and application security best practices.
  • Experience conducting network traffic captures / packet captures (PCAP) including familiarity with proxies such as OWASP ZAP, mitmproxy, Charles, Fiddler, Burp Suite, etc.
  • High proficiency in web security analysis, including mapping of the application’s attack surface, vulnerability discovery, exploitation, and attack vector chaining.
  • Experience rooting or jailbreaking mobile devices.
  • Demonstrated experience with programming and scripting languages such as Python, Ruby, PowerShell, Java, JavaScript, etc.
  • Demonstrated familiarity with iOS or Android system internals.
  • Strong familiarity with DAST and SAST technologies.
  • Solid understanding of TCP/UDP ports and protocols and web requests including POST, GET, HTTP headers, user agents, request parameters, cookies, etc.
  • Strong technical writing skills.
  • Proficiency with operating systems: Linux, Windows, macOS.
  • Self-starter with the ability to work independently, interface with multiple teams, and willingness to overcome challenging problems while identifying opportunities for improvement.
  • Ability to multi-task and context switch to work on multiple project requests in parallel. 
  • Strong desire to learn and be willing to invest the time necessary to address knowledge gaps.
  • Ability to work on a team or independently and be able to prioritize tasks.

DESIRED SKILLS (Stand out from the crowd…)

  • Previous professional services or consulting experience.
  • Previous red teaming, research or analytics experience.
  • Background in system and network security, authentication and security protocols, and applied cryptography is helpful
  • Experience using Frida for any type of application security project
  • Binary reverse engineering using Binary Ninja, IDA Pro, or Radare (r2).
  • Experience with AWS or Google Cloud environments preferred, with an understanding of their major technologies.

BONUS POINTS (You have our attention…)

  • Experience with LTE and GSM protocols.
  • Past experience with NowSecure tools.
  • Experience with bug bounty and vulnerability disclosure programs.
  • Published CVEs.
  • Active security certifications, including: OSCP, CHFI, CEH, GPEN, GWAPT, eMAPT, GMOB, CPENT, GXPN
  • Advanced relevant academic training, such as a Master’s degree in Computer Science, Computer Forensics, Cyber Security, or related field.

WE VALUE DIVERSITY

We believe that the best ideas come from teams where diverse points of view uncover new solutions to hard problems. We welcome and value team members who bring diverse life experiences, educational backgrounds, cultures, and work experiences.

COMPENSATION & BENEFITS

  • The salary band for this position is competitive and commensurate with experience and performance. This position will be eligible for a competitive annual bonus and equity package.
  • Comprehensive Medical/Dental/Vision coverage 
  • 401K Plan + Company Match 
  • Remote work flexibility 
  • Home Office Stipend 
  • Paid Parental Leave 
  • Flexible PTO