Fintech Mobile & Application Security Engineer

Job Overview

Location
Islamabad, Islamabad
Job Type
Full Time
Date Posted
3 hours ago

Additional Details

Job ID
1945
Work Mode
On-site

Job Description

We are hiring a Security Engineer / Mobile Application Security Tester to secure our fintech mobile-based software products with bank-grade security standards. This role involves penetration testing, secure code reviews, security audits, vulnerability assessments, and building processes to prepare the company for SOC 2, ISO 27001, and similar security certifications.

You will work closely with development, DevOps, product, and compliance teams to design, test, and enforce end-to-end security across applications, infrastructure, and processes.


Key Responsibilities:


Application & Mobile Security:

  • Perform penetration testing of mobile applications (Android/iOS) and backend APIs.
  • Conduct static and dynamic code analysis (SAST/DAST) to identify vulnerabilities.
  • Review mobile and backend code for secure coding practices and logic flaws.
  • Implement and enforce secure data storage, encryption (AES, RSA, TLS), SSL pinning, and secure API communications.
  • Simulate real-world attacks like MITM, reverse engineering, jailbreak/root detection, tampering, API abuse, etc.


Security Compliance & Governance:

  • Define and implement policies for SOC 2, ISO 27001, GDPR, and internal security standards.
  • Create and maintain security documentation, risk registers, incident response plans, and access control policies.
  • Work with auditors to ensure certification readiness (SOC 2, ISO 27001).
  • Conduct security awareness sessions for development and operations teams.


Security Processes & Monitoring:

  • Develop secure SDLC practices (threat modeling, security gates, code review checklists).
  • Define incident response and vulnerability management procedures.
  • Collaborate on CI/CD security integration, API security testing, dependency scanning, and secret management.
  • Monitor systems using SIEM tools, log analysis, anomaly detection, audit trails.
  • Secure all licenses needed for the fintech application.


Must Have Skills:

Technical Security Expertise:

  • 2–5+ years in application/mobile security or penetration testing.
  • Strong experience with Android/iOS app security, API security testing, reverse engineering tools (Burp Suite, MobSF, Frida, Postman, OWASP ZAP, etc.).
  • Knowledge of OWASP Top 10 (Web & Mobile), CWE, and secure coding principles.
  • Experience testing authentication flows (OAuth2, JWT, MFA) and encryption standards.
  • Understanding of network security, TLS/HTTPS, SSL pinning, key management.
  • Experience in security compliance of fintech applications.


Compliance & Security Frameworks:

  • Familiarity with SOC 2, ISO 27001, PCI-DSS or similar security frameworks.
  • Ability to define and implement security policies, risk assessments, access control procedures, and audit documentation.


Problem Solving & Security Mindset:

  • Strong analytical and threat-modeling mindset.
  • Ability to simulate real-world attack scenarios.
  • Experience in writing detailed security reports and remediation plans.


Nice to Have (Bonus Skills):

  • Certifications: CEH, OSCP, CISSP, CISA, ISO 27001 Lead Implementer, or similar.
  • Experience with DevSecOps (CI/CD pipeline scanning, SAST/DAST automation).
  • Knowledge of cloud security (DevSecOps) (Azure/AWS/GCP).
  • Knowledge of secure backend architectures (Node.js/Express, Firebase, Java/Kotlin/Swift).
  • Experience with cryptography implementation (AES-256, RSA-2048, HSM, Key Vaults).
  • Familiarity with SIEM tools: Splunk, Azure Sentinel, ELK, Wazuh.
  • Background in security compliance of fintech applications.


Tech & Tools Exposure:

Burp Suite | OWASP ZAP | MobSF | Frida | JADX | Wireshark | Postman | Nmap | Metasploit | Git | SonarQube | Checkmarx | JWT | OAuth2 | TLS/SSL | SIEM Tools


Ideal Candidate Traits:

  • Thinks like a hacker and defender
  • Strong documentation and audit-oriented mindset
  • Passionate about building secure, scalable mobile products
  • Understands bank-level encryption and data protection practices
  • Able to guide developers and improve overall security posture


Benefits:

  • Comprehensive medical insurance for employee & family, including OPD
  • Company provided weekday meals at the workplace
  • Fitness allowance up to PKR 5,000/month with proof of active membership
  • Annual performance-based salary review (up to 15%)
  • Minimum 3-year service commitment from your start date & reimbursement for training
