TalaKunchi Networks Pvt Ltd
Website: talakunchi.com
Job details:
Company Overview:
TalaKunchi Networks Pvt. Ltd. is a global consulting firm specializing in information security. With a diverse team of experts, we deliver customized solutions to strengthen IT infrastructures for clients worldwide. Our mission is to make security accessible, practical, and effective. We provide a comprehensive range of security testing and consulting services tailored to the evolving needs of organizations across industries.
Role: Mobile Application Security Subject Matter Expert (SME)
Location: Mumbai Onsite
Type: Full-time
We are seeking a highly skilled Mobile AppSec SME to lead security assessments of mobile applications, particularly in digital payment ecosystems. This role involves hands-on testing, vulnerability analysis, and close collaboration with development teams to embed security into the software development lifecycle. The SME will also contribute to research, innovation, and knowledge sharing within the organization.
Key Responsibilities
- Conduct security testing of Android and iOS applications in BFSI/FinTech environments.
- Perform manual and automated assessments aligned with OWASP Mobile Top 10, MASVS, and MSTG.
- Identify and mitigate vulnerabilities such as:
  - Insecure data storage
  - Weak cryptography
  - Insecure communication
  - Authentication/authorization flaws
  - Business logic issues in payment flows
- Execute runtime instrumentation and dynamic analysis using Frida, Objection, Xposed.
- Reverse engineer mobile apps with tools like APKTool, JADX, Hopper, Ghidra.
- Intercept and analyze mobile traffic using Burp Suite, mitmproxy, Charles Proxy.
- Test backend APIs supporting payment workflows with Burp Suite, Postman.
- Validate security of payment features (UPI, wallets, cards, tokenization, OTP, MFA, session management).
- Deliver detailed vulnerability reports including risk assessment, PoCs, and remediation guidance.
- Collaborate with product and development teams to ensure effective fixes and retesting.
Research & Innovation (Mandatory)
- Explore vulnerabilities beyond standard checklists with a strong R&D mindset.
- Research new attack vectors in mobile and FinTech ecosystems.
- Analyze emerging Android/iOS versions and advanced bypass techniques (SSL pinning, root/jailbreak detection).
- Develop custom test cases for complex payment and business logic scenarios.
- Contribute to internal tools, scripts, and methodologies.
- Validate false positives/negatives independently.
Scripting & Automation (Mandatory)
- Hands-on experience with Python, JavaScript (Frida hooks), Bash.
- Ability to:
  - Write and customize Frida scripts.
  - Automate repetitive testing tasks.
  - Adapt open-source tools for specific app behaviors.
- Strong grasp of secure coding flaws through runtime and code-level analysis.
Mandatory Skills & Experience
- 3–4 years of mobile application security testing experience.
- Deep understanding of Android and iOS security architectures.
- Proficiency with tools: MobSF, AndroBugs, QARK, Frida, Objection, Burp Suite.
- Experience testing BFSI/FinTech/Digital Payment applications.
- Strong knowledge of OWASP Mobile Top 10 and OWASP API Top 10.
Preferred Skills (Good to Have)
- Familiarity with PCI-DSS, RBI, CERT-In security requirements.
- Experience integrating mobile security testing into CI/CD pipelines.
- Basic knowledge of cloud and backend security supporting mobile apps.
- Hands-on iOS security testing experience (highly desirable).
Apply Now: Mobile Appsec - SME, or email your updated resume to careers@talakunchi.com