Security Consultant II

Security Consultant II (Mobile Application Penetration Tester)Job Category: ServicesRequisition Number: SECUR001620Posted : September 12, 2025FullRemoteLocationsShowing 1 locationCanadaToronto, ON M5J2T3, CANDescriptionNetSPI® is an award‑winning pioneer of Penetration Testing as a Service (PTaaS) with its AI‑powered platform supported by more than 350 in‑house cybersecurity experts. Specializing in 50+ pentest types, attack surface visibility, vulnerability prioritization, and attack simulation, NetSPI delivers security testing with unprecedented clarity, speed, and scale.NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer‑first mindset to join our team. Learn more about our award‑winning workplace culture and get to know our A‑Team at www.netspi.com/careers.Join the mission as a Security Consultant II. We are seeking a skilled and detail‑oriented Penetration Tester to conduct thorough security assessments, identify vulnerabilities, and provide expert recommendations to strengthen our clients' security posture. As a Penetration Tester supporting mobile applications, you will work closely with clients to deliver clear, actionable reports and contribute to the development of security best practices.Responsibilities:Conduct penetration testing engagements on mobile applications and underlying APIsIdentify insecure data storage, communications, or cryptography in mobile applicationsCreate, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client‑specific processes, reporting standards, and access protocols to help improve their security postureResearch and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processesPerform administrative tasks related to day‑to‑day consulting activities to ensure smooth business and engagement operations.Minimum Qualifications:Bachelor’s degree or higher required, with a concentration in Computer Science, Engineering, Math, or IT preferred, or equivalent experienceMinimum of 2‑3 years of work experience in application penetration testingFamiliarity with offensive tools, based on applicable skillset (e.g., Kali Linux, Burp Suite, Metasploit, Nessus, Frida, Drozer, Objection, Ghidra)Understanding of mobile application data security, communications, and sandboxesKnowledge of Android and iOS operating systemsFamiliarity with offensive and defensive IT concepts and protocolsExtensive understanding of the OWASP Top 10 and various security frameworksWorking knowledge of Windows, Linux and MacOS operating systems internalsAbility to work independently and as part of a teamProficient communication skills, both written and verbalWillingness to travel up to 5‑10%This position requires an 8‑hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needsPreferred Qualifications:Experience mentoring or coaching to growing team members, while sharing knowledge externally through blogs, hosting webinars, or presenting at conferencesExperience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#)Offensive cybersecurity certifications (e.g., GXPN, GPEN, OSCP, CISSP, GWAPT)Experience in ARM reverse engineeringExperience developing Frida tools to bypass application protections or exploit vulnerabilitiesWe are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law. #J-18808-Ljbffr