Senior Penetration Tester (Desktop+Mobile) (IRC289412)
Job Description
- 5+ years of dedicated professional penetration testing experience, with at least 3 years focused on Web and Network environments;
- Bachelor’s degree in Computer Science, Cyber Security, or equivalent practical experience;
- Mastery of IDA Pro, Ghidra, Binary Ninja, or x64dbg;
- Deep knowledge of OWASP MASVS/MASTG. Experience with Frida, Objection, Ghidra, and MobSF;
- Understanding of the OWASP Top 10 and ASVS, expert-level proficiency with Burp Suite Professional, SQLMap, and directory brute-forcing tools
- Strong ability to read and write C/C++, C#, Python, and Assembly (x86/x64/ARM).
- Experience testing Named Pipes, Sockets, and Shared Memory.
- Experience in binary analysis for vulnerabilities;
- Deep understanding of the Win32 API, .NET (dnSpy/DotPeek), and DLL hijacking;
- Reading and writing scripts in languages like Python, PowerShell, Bash, or similar will be a plus
- An understanding of Java will be a plus
Understanding of Healthcare compliance, such as the FDA, will be a huge advantage.
Job Responsibilities
In the role of Senior Pentester, you will be expected to perform the following:
- Conduct deep-dive security assessments of desktop applications (C++, C#, Java, Electron, Rust) to identify vulnerabilities like memory corruption, insecure file handling, and weak encryption;
- Decompile and disassemble binaries to understand undocumented logic, extract hardcoded secrets, and identify bypasses for licensing or security checks;
- Collaborate with engineers to validate fixes and implement long-term defensive controls;
- Develop custom scripts and payloads to automate repetitive tasks and integrate security testing into CI/CD pipelines;
- Develop and test techniques to bypass modern security suites (CrowdStrike, SentinelOne, Microsoft Defender) during application execution;
Department/Project Description
Our client is an innovative manufacturer of medical devices in the United States that produces devices and software applications.
In this project, you will have a great opportunity to be involved in the full penetration testing life cycle of medical software, including Web, Mobile, Desktop applications, and APIs, which are intended to help individuals by processing certain information taken from medical devices to identify health trends and to track daily activities.
In addition, there are opportunities to work with medical devices, in the scope of end-to-end testing.
Required languages
| English | B2 - Upper Intermediate |