The professional will be responsible for collaborating with the Red Team and performing offensive security tasks to ensure the protection of the company's applications and infrastructure.
Plan and execute penetration tests on Android and iOS applications (native, hybrid and cross‑platform).
Perform static and dynamic analysis of mobile binaries (SAST/DAST), including reverse engineering of APKs and IPAs.
Bypass mobile security controls, including: SSL pinning (custom and native), root/jailbreak detection, anti‑debugging, anti‑tampering and anti‑hooking, obfuscation mechanisms (ProGuard, DexGuard, etc.), runtime protection controls (RASP – Runtime Application Self‑Protection).
Execute dynamic instrumentation with tools such as Frida and Objection in protected scenarios.
Assess and exploit anti‑fraud mechanisms and integrity protections of mobile applications.
Assess the security of REST/GraphQL APIs consumed by mobile applications, including authentication, authorization and business‑logic testing.
Operate in chained attack scenarios, identifying possibilities for lateral movement.
Participate in incident response alongside the CSIRT, investigating threats and collaborating on vulnerability remediation.
Contribute to building and maintaining mobile pentest methodologies, playbooks and internal tools.
Propose new security solutions based on market trends.
Create proofs of concept (PoCs) demonstrating technical impact and business risk.
Prepare technical reports and presentations (documentation and evidence of tests performed) for internal and management teams.
Requirements
Proficiency with tools such as Frida, Objection, MobSF, Jadx, Ghidra, Burp Suite, APKTool and similar.
Experience with dynamic analysis and advanced instrumentation.
Practical experience bypassing mobile protection mechanisms, including: SSL pinning, root/jailbreak detection, anti‑tampering, anti‑debugging and RASP‑based protections.
Deep knowledge of OWASP Mobile Top 10, OWASP MASTG (Mobile Application Security Testing Guide) and MASVS.
Familiarity with mobile architectures: Android (Kotlin/Java), iOS (Swift/Objective‑C).
Knowledge of API security (REST / GraphQL), including authentication and authorization.
Knowledge of security solutions such as WAF, firewall, IDS/IPS, and password vaults.
Knowledge of authentication and identity: SSO, ADFS, Azure AD, OAuth2, OpenID Connect, SAML.
Familiarity with programming and scripting languages such as Python, Shell script, PowerShell, C/C++, Go, Java, JavaScript, etc.
Certifications such as OSCP, OSWE, EWPTX, DCPT, EMAPT and SCMPA, among others, are a plus.
Experience with agile methodologies and strong written and verbal communication skills.
Tech Stack
Android
Azure
GraphQL
iOS
Java
JavaScript
Kotlin
Python
Swift
Go
Benefits
Choose the ideal benefits for you and your dependents through a digital platform with several categories including gym, meal vouchers (VR), food allowance (VA), pharmacy assistance, health insurance, dental insurance and life insurance.
Company mobile phone. Yes, a brand‑new smartphone for you!
Unlimited voice and data plan! Yes, unlimited! On the best mobile network, even faster with Vivo 5G!
An exclusive Vivo offer with special discounts on landline, broadband, TV and apps.
Eligible to receive an annual bonus or PPR.
Plan your future through a private pension plan.
Have children? You are entitled to a subsidy to help with school, daycare or babysitter expenses.
Work in an environment that respects your personality, dress style and way of being, and where you can be authentic. #VemdeVocê
Work remotely up to 2 days per week. #Mobility
Flexible working hours.
Enjoy a day off to celebrate your birthday (Day Off).
Participate in one of the largest corporate volunteering programs to help you make a difference in the world.
Take advantage of our Educational Development Program, which offers discounted partnerships with educational institutions, as well as certifications and online courses.
Boost your career through our Internal Recruitment Program, in Brazil or abroad — after all, we are present in more than 17 countries! #VivoMinhaCarreira
Access a range of initiatives to improve your physical, emotional and social health! We offer the #VivoBemEstar program, which encourages our team to adopt healthy habits and a better quality of life. Services include consultations with nutritionists, psychologists, social workers, telemedicine, and more!
All our vacancies are open to people with disabilities and/or rehabilitated individuals. We have a culture that values diversity, differences and people’s potential! #VivoDiversidade #VemPraVivo