A rapidly growing leader in proactive cybersecurity services is expanding its consulting team and seeking a Security Consultant with a strong background in mobile application penetration testing. This role is ideal for a hands-on penetration tester who enjoys uncovering complex vulnerabilities and delivering meaningful security improvements for enterprise clients.

You will work alongside experienced security professionals, leveraging advanced tooling, automation, and research-driven methodologies to perform deep technical testing across mobile applications and APIs. The focus of this role is on producing high-quality, actionable findings that help organizations strengthen their security posture.

Key Responsibilities

Perform penetration testing engagements on mobile applications (iOS and Android) and associated APIs

Identify weaknesses related to data storage, network communications, authentication, and cryptography

Analyze mobile application behaviour, sandboxing, and OS-level security controls

Produce clear, well-structured penetration testing reports aligned with client-specific standards and workflows

Collaborate with internal teams and clients to explain findings and recommend remediation strategies

Research and develop new tools, techniques, and testing methodologies to improve assessment quality

Support consulting operations through documentation, reporting, and engagement-related administrative tasks

Required Qualifications

2–3+ years of experience conducting application or mobile penetration testing

Hands-on experience with offensive security tools such as:

Kali Linux, Burp Suite, Metasploit, Nessus

Mobile-focused tools including Frida, Drozer, Objection, and Ghidra

Solid understanding of mobile data security, encryption, and secure communications

Strong working knowledge of Android and iOS operating systems

Familiarity with common offensive and defensive security concepts and network protocols

Deep understanding of the OWASP Top 10 and relevant security frameworks

Working knowledge of Windows, Linux, and macOS internals

Ability to work independently while collaborating effectively within a team

Strong written and verbal communication skills

Willingness to travel up to 5–10%

Ability to support an 8-hour workday, with occasional evenings or weekends as required by project timelines

Preferred Experience

Mentoring or coaching junior team members

Sharing security knowledge through blogs, webinars, or conference presentations

Experience with scripting or programming languages such as Python, Ruby, Perl, Java, C/C++, or C#

Industry-recognized offensive security certifications (e.g., OSCP, GPEN, GXPN, GWAPT, CISSP)

Experience with ARM reverse engineering

Development of Frida scripts or tools to bypass protections or exploit mobile application vulnerabilities

This is a fully remote positon within the UK

If interested please do apply