Qureos

Find The RightJob.

About the Role

We are hiring a hands-on penetration testing engineer to conduct security assessments across our web applications, mobile platforms, and APIs. We expect deep manual testing — not scanner-only work — strong methodology, and clear reporting at every phase.

Key Responsibilities

Web & Mobile Application \ Api Security Testing

  • Manual black-box and grey-box testing following OWASP Top 10
  • Test for SQLi, XSS, CSRF, IDOR, SSRF, Broken Authentication, and Access Control flaws
  • Assess session management, cookies, HTTP headers, and client-side JavaScript logic
  • Static and dynamic assessment of Android and iOS apps following OWASP MASVS
  • APK/IPA reverse engineering, hardcoded secrets detection, insecure local storage
  • SSL pinning bypass, MitM traffic interception, runtime instrumentation
  • Biometric bypass, session token handling
  • Test REST endpoints against OWASP API Security Top 10
  • Focus on BOLA, JWT abuse, OAuth 2.0 flaws, mass assignment, and rate limiting gaps

Reporting

  • CVSS-scored findings with reproduction steps and proof-of-concept screenshots
  • Executive summary for management and full technical report for developers
  • Prioritised remediation roadmap and re-testing after fixes

Requirements

Must Have

  • 3+ years hands-on penetration testing — web and mobile focus
  • Strong knowledge of OWASP Top 10, OWASP MASVS, OWASP API Security Top 10
  • Android and iOS hands-on testing experience
  • Professional report writing for both technical and non-technical audiences

Nice to Have

Essential Tools

Burp Suite Pro, OWASP ZAP, SQLMap, Nikto, Gobuster,MobSF, jadx, apktool, Frida, Objection, ADB, Charles Proxy,Postman, jwt_tool, InQL,

Work Location: In person

© 2026 Qureos. All rights reserved.