Thick-Client & Mobile Penetration Tester

Company Description

Wityliti is an AI-first IoT and climate-tech innovator that designs and delivers intelligent automation solutions for residential, commercial, and industrial environments. Since 2015, our offerings have helped clients across India and beyond to achieve real-time visibility, optimize resource use, and accelerate sustainability goals with enterprise-grade security and scalability. Wityliti specializes in IoT devices, AI-enhanced cybersecurity, scalable enterprise SaaS, and climate tech innovation, with a mission to make intelligent automation accessible and impactful for every organization. Our vision is to lead the global shift toward interconnected, low-carbon ecosystems that enhance comfort, efficiency, and environmental stewardship in every space.

Role Summary

We are looking for a skilled Thick-Client & Mobile Penetration Tester with 2–5 years of hands-on experience in application security testing. The candidate will be responsible for conducting security assessments of thick/desktop client applications (Windows/macOS/Linux) and mobile platforms (Android & iOS), identifying vulnerabilities, demonstrating impact, and providing actionable remediation advice to engineering teams.

The role requires a strong mix of reverse engineering, dynamic analysis, and mobile instrumentation techniques along with the ability to write clear reports and collaborate with development teams to ensure issues are addressed.

Key Responsibilities

• Perform penetration tests and security assessments on thick-client applications (.NET, Java, C/C++, Electron, etc.) and mobile apps (Android/iOS).
• Conduct reverse engineering of binaries, libraries, and custom protocols to identify vulnerabilities such as insecure authentication, data storage flaws, and cryptographic misuse.
• Use dynamic analysis techniques (e.g., Frida, Objection, Burp Suite, mitmproxy) to intercept, manipulate, and test application traffic.
• Bypass mobile protections like certificate pinning, root/jailbreak detection, and code obfuscation.
• Analyze and test client-server communications, custom APIs, and proprietary protocols.
• Validate vulnerabilities, develop proof-of-concept exploits, and work with dev teams on fixes.
• Write clear, detailed penetration testing reports including risk ratings, PoCs, and remediation recommendations.
• Stay up-to-date with the latest security vulnerabilities, mobile OS updates, and attack techniques.
• Contribute to security tooling, automation scripts, and internal testing methodologies.

Required Skills & Qualifications

• 2–5 years of hands-on penetration testing experience
  , with at least 1+ year in
  mobile and/or thick-client testing
  .
• Strong understanding of
  application security principles
  (OWASP Top 10, OWASP Mobile Top 10).
• Experience with
  mobile app security testing
  :
• Android
  : APK decompilation (apktool, jadx), Smali analysis, Frida/Objection instrumentation.
• iOS
  : IPA analysis, reverse engineering Mach-O binaries, jailbroken device testing.
• Experience testing
  thick-client apps
  : .NET, Java, C/C++, Electron, or Qt.
• Familiarity with
  reverse engineering tools
  : IDA Pro, Ghidra, Hopper, Radare2, JADX.
• Proficiency with
  interception/proxy tools
  : Burp Suite Pro, mitmproxy, Charles Proxy.
• Strong scripting skills in
  Python, Bash, or PowerShell
  for automation and PoC creation.
• Understanding of
  cryptography misuse, insecure storage, and local privilege escalation techniques
  .
• Hands-on experience with
  client-server protocol analysis and fuzzing
  .

Nice-to-Have Skills

• Experience with
  cross-platform frameworks
  : React Native, Flutter, Xamarin, Electron.
• Familiarity with
  secure coding practices
  and reviewing source code for security issues.
• Understanding of
  binary exploitation basics
  (memory corruption, ROP, buffer overflows).
• Knowledge of
  CI/CD pipelines and supply chain security
  for client builds.
• Certifications:
  OSCP, OSWE, OSEP, GMOB, GPEN, eMAPT
  (nice-to-have, not mandatory).
• Prior experience publishing security research, blogs, or open-source tools.

Soft Skills

• Strong analytical and problem-solving skills with attention to detail.
• Excellent written and verbal communication skills for technical and non-technical audiences.
• Ability to work independently as well as in a team-oriented environment.
• Strong sense of ethics and responsibility in handling sensitive data.

Deliverables

• Comprehensive penetration test reports with prioritized vulnerabilities.
• Proof-of-concept (PoC) exploits for critical issues.
• Remediation guidance sessions with development teams.
• Contributions to internal tools, scripts, and methodologies.

Why Join Us?

• Opportunity to work on challenging real-world penetration testing projects.
• Exposure to a wide variety of mobile and thick-client technologies.
• Continuous learning and R&D time for exploring the latest attack techniques.
• Supportive security team with a focus on career growth and certifications.