Key skills
AndroidiOSOAuthMobile DevelopmentPenetration Testing
About this role
Role Overview
- Design and execute Red Team operations targeting mobile applications, SDKs, and biometric identity flows across iOS and Android
- Perform advanced mobile application penetration testing, including reverse engineering, runtime manipulation, and bypass techniques
- Simulate realistic attack scenarios such as: Device compromise (rooted/jailbroken environments), Emulator and instrumentation attacks, Biometric spoofing and presentation attacks, Mobile API abuse and session manipulation
- Identify vulnerabilities in mobile architectures, authentication flows, and client-side controls
- Conduct research into emerging mobile threat actor tactics, techniques, and procedures (TTPs), particularly in biometric and identity systems
- Develop proof-of-concept exploits and tooling to replicate real-world attack scenarios
- Produce clear, actionable reports with risk-ranked remediation guidance for engineering and product teams
- Collaborate closely with mobile engineers, product, and security teams to translate findings into practical fixes
- Provide code-level and architectural guidance to improve mobile application security
- Validate remediations and ensure vulnerabilities are effectively addressed
- Contribute to improving detection capabilities within iProov’s security ecosystem (including iSOC)
- Mentor engineers on secure mobile development practices and threat modelling
- Ensure all activities align with rules of engagement, legal, and regulatory requirements
Requirements
- 5+ years’ experience in Red Teaming, penetration testing, or mobile security research
- Strong hands-on expertise in mobile application security (iOS and/or Android)
- Experience with: Reverse engineering tools (e.g. Frida, Objection, Ghidra, Hopper, IDA Pro)
- Mobile testing frameworks and interception tools (e.g. Burp Suite, mitmproxy)
- Analysing mobile binaries (APK/IPA), obfuscation, and runtime protections
- Deep understanding of: Mobile OS internals (Android/iOS security models)
- Secure storage, keychains/keystores, and cryptographic implementations
- Authentication protocols and identity flows (OAuth, biometrics, session handling)
- Experience identifying and exploiting: Client-side trust issues
- Certificate pinning bypasses
- Anti-tampering and anti-debugging controls
- Ability to build or customise tooling and scripts for mobile security testing
- Experience communicating complex technical findings to both technical and non-technical audiences
- A passion for offensive security and creatively breaking systems to make them stronger
- Comfortable operating in a high-growth, fast-paced environment
Tech Stack
- Android
- iOS
Benefits
- 25 days Annual Leave, plus 8 Bank Holidays (more holiday with service
- up to an extra 5 days off per year based on your continuous service)
- Growth Shares allocated after passing probation (6 months of service)
- Salary sacrifice schemes including: Pension, Cycle To Work and Electric Car Scheme
- Nursery Sacrifice Scheme
- Work Overseas Perk
- Work globally for up to 2 weeks
- Life Assurance
- SmartHealth
- Access to private GP, Psychologist, Nutritionist along with tailored fitness plans for both you and your family
- Benefit from personalized 1:1 career coaching with our in-house Occupational Psychologist
- Award winning L&D platform with personal allocated training budgets
- Enhanced paid family leave
- Pension
- 5% employee, 3% employer
- Flexible hybrid working environment
- Free Barista Coffee/Tea, biscuits with fruit in the WeWork office
- Free access to WeWork discounts and free online well-being sessions
- Vitality Health
- a range of options available on this below
- The Vitality Programme includes a number of reward benefits that all employees have access to as part of the plan, for example: Private Health cover including Dental, Optical, and Audiology
- 50% off monthly gym memberships
- Apple watches significantly discounted based member vitality status
- Half price trainers with Runners Need
- Weekly rewards – Free coffee with Café Nero
- Monthly rewards – Free Cinema ticket
- Discounts on travel with Expedia (hotels) and Mr & Mrs Smith with discounts getting greater throughout the year based on a members vitality status
- Amazon prime free months based on activity
- Up to 25% cashback at Waitrose when buying healthy foods
- 75% off stays at Champneys Health Spas
- Allen Carr’s £299 no smoking programme for free
- Access to Vitality Healthy Mind with 30% off Headspace subscriptions and the ability to earn Vitality points for using Buddhify, Calm and Headspace
- Discounts on Weight Watchers
- 50%-80% off Comprehensive Private Health screenings