[Hiring] Senior Application Security Analyst @NowSecure

Role Description

We’re looking for a Senior Application Security Analyst — a hands-on pentester who thrives on technical challenges, thinks creatively under pressure, and has an insatiable curiosity for how things work (and how they break).

If you’re the kind of person who spins up a quick Python script to automate a test, roots a phone just to see what’s inside, or finds joy in reverse engineering an app at 2 AM — you’ll fit right in.

In this role, you’ll:

• Hunt vulnerabilities, dissect mobile apps and APIs, and collaborate with a team of world-class testers who live and breathe offensive security.
• Help evolve our methodologies, develop new tooling, and contribute to NowSecure’s cutting-edge research across mobile, web, and connected systems.

Qualifications

• Bachelor’s degree in a technical field or 6–8 years of equivalent security experience.
• 2+ years of experience in penetration testing or vulnerability assessment of mobile, web, or IoT apps/devices.
• Deep understanding of OWASP MASVS / MASTG and app security fundamentals.
• Strong experience with intercepting and analyzing traffic using tools like Burp Suite, mitmproxy, ZAP, Charles, or Fiddler.
• Proficiency in mobile device rooting/jailbreaking and familiarity with iOS and Android internals, or equivalent hands-on experience in web application penetration testing or firmware reverse engineering.
• Strong scripting or development experience (e.g., Python, Java, JavaScript, Ruby, or PowerShell).
• Solid grasp of network and web fundamentals — TCP/UDP, HTTP requests, headers, cookies, APIs, and authentication flows.
• Excellent technical writing and documentation skills.
• Comfort working with Linux, Windows, and macOS environments.
• A self-starter mindset - able to work independently, manage multiple projects, and find creative solutions to tough problems.
• A demonstrated drive to learn, experiment, and stay on the cutting edge of mobile and appsec trends.

Requirements

• Familiarity with DAST/SAST tools, mobile instrumentation (e.g., Frida), and dynamic analysis.
• Professional services or consulting experience.
• Prior security research or exploit development experience.
• Knowledge of system/network security, authentication, and applied cryptography.
• Familiarity with Frida, Binary Ninja, Radare2, or IDA Pro.
• Experience testing in AWS, Azure, or GCP environments.
• Contributions to open-source security projects or published research.
• Past public speaking experience (conferences, podcasts, etc).
• One or more active certifications such as:
  • Infosec Certified Mobile and Web Application Penetration Tester (CMWAPT)
  • Offensive Security Web Expert (OSWE)
  • Offensive Security Certified Professional (OSCP)
  • GIAC Certified Penetration Tester (GPEN)
  • GIAC Certified Web Application Defender (GWEB)
  • GIAC Web Application Penetration Tester (GWAPT)
  • INE Web Application Penetration Tester eXtreme (eWPTX)
  • GIAC Mobile Device Security Analyst (GMOB)
  • 8kSec Certified Mobile Security Engineer (CMSE)
  • INE Mobile Application Penetration Tester (eMAPT)
  • TCM-SEC Mobile Application Penetration Testing

Benefits

• Comprehensive Medical/Dental/Vision coverage
• 401K Plan + Company Match
• Remote work flexibility
• Home Office Stipend
• Paid Parental Leave
• Flexible PTO

Company Description

NowSecure is the mobile app security software company trusted by the world’s most demanding organizations and most advanced security teams. As the standards-based mobile app risk management company, NowSecure protects the Mobile App Economy. The world’s most demanding organizations, innovative mobile developers and advanced security, privacy, safety and compliance teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers continuous security and compliance with the depth, speed, accuracy, and efficiency to meet modern business demands. Dedicated to the open-source community and standards including OWASP and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Deloitte, Gartner and TAG Cyber.