Senior Application Security Analyst (Pentester) jobs in United States

NowSecure · 2 days ago

Senior Application Security Analyst (Pentester)

NowSecure is a mobile app security software company dedicated to protecting the Mobile App Economy. The Senior Application Security Analyst will perform hands-on penetration testing of mobile apps, APIs, and web applications, while also collaborating with a team to enhance security methodologies and tools.

Apps, Cyber Security, Mobile, Penetration Testing, Security, Software
H1B Sponsor Likely

Responsibilities

Perform hands-on penetration testing of mobile apps (iOS/Android), APIs, web apps and connected ecosystems (IoT, automotive, medical, wearable)
Conduct vulnerability assessments and reverse engineering using tools like Burp Suite, Frida, mitmproxy, Ghidra, Radare2, IDA, or custom scripts
Create clear, actionable technical reports that communicate findings and remediation guidance to both developers and security teams
Act as a trusted advisor to customers, helping them make informed, risk-based decisions about their mobile and app security posture
Build or adapt custom scripts, fuzzers, or automation tools to make testing faster, smarter, and more reliable
Collaborate with teammates to refine methodologies, share research, and continuously push the boundaries of mobile and web security testing
Tackle complex problems with creativity; when something doesn’t work, figure out another way. “Scrappy” is a skill set here, not a slogan

Qualification

Penetration Testing, Vulnerability Assessment, OWASP MASVS / MASTG, Scripting Python, Scripting Java, Traffic Analysis Tools, Mobile Device Rooting, Network Fundamentals, Linux, Windows, MacOS, Technical Writing, Consulting Experience, Security Research, Cryptography Knowledge, Open-source Contributions, Public Speaking, Active Certifications

Required

Bachelor's degree in a technical field or 6–8 years of equivalent security experience
2+ years of experience in penetration testing or vulnerability assessment of mobile, web, or IoT apps/devices
Deep understanding of OWASP MASVS / MASTG and app security fundamentals
Strong experience with intercepting and analyzing traffic using tools like Burp Suite, mitmproxy, ZAP, Charles, or Fiddler
Proficiency in mobile device rooting/jailbreaking and familiarity with iOS and Android internals, or equivalent hands-on experience in web application penetration testing or firmware reverse engineering
Strong scripting or development experience (e.g., Python, Java, JavaScript, Ruby, or PowerShell)
Solid grasp of network and web fundamentals — TCP/UDP, HTTP requests, headers, cookies, APIs, and authentication flows
Excellent technical writing and documentation skills
Comfort working with Linux, Windows, and macOS environments
A self-starter mindset - able to work independently, manage multiple projects, and find creative solutions to tough problems
A demonstrated drive to learn, experiment, and stay on the cutting edge of mobile and appsec trends

Preferred

Familiarity with DAST/SAST tools, mobile instrumentation (e.g., Frida), and dynamic analysis
Professional services or consulting experience
Prior security research or exploit development experience
Knowledge of system/network security, authentication, and applied cryptography
Familiarity with Frida, Binary Ninja, Radare2, or IDA Pro
Experience testing in AWS, Azure, or GCP environments
Contributions to open-source security projects or published research
Past public speaking experience (conferences, podcasts, etc.)
One or more active certifications such as: Infosec Certified Mobile and Web Application Penetration Tester (CMWAPT), Offensive Security Web Expert (OSWE), Offensive Security Certified Professional (OSCP), GIAC Certified Penetration Tester (GPEN), GIAC Certified Web Application Defender (GWEB), GIAC Web Application Penetration Tester (GWAPT), INE Web Application Penetration Tester eXtreme (eWPTX), GIAC Mobile Device Security Analyst (GMOB), 8kSec Certified Mobile Security Engineer (CMSE), INE Mobile Application Penetration Tester (eMAPT), TCM-SEC Mobile Application Penetration Testing
Experience with LTE / GSM protocols or 5G network analysis
Prior experience using NowSecure tools
Master's degree in Computer Science, Cybersecurity, or related field

Benefits

Comprehensive Medical/Dental/Vision coverage
401K Plan + Company Match
Remote work flexibility
Home Office Stipend
Paid Parental Leave
Flexible PTO

Company

NowSecure

NowSecure provides automated mobile app security testing software that can be integrated into the development (CI/CD) process.

H1B Sponsorship

NowSecure has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship (chart not shown)
Trends of Total Sponsorships: 2022 (2)

Funding

Current Stage: Growth Stage
Total Funding: $27.5M
Key Investors: CIBC Innovation Banking, Forgepoint Capital, Baird Capital
2022-06-09: Debt Financing
2019-06-28: Series B, $15M
2014-12-02: Series A, $12.5M

Leadership Team

Alan Snyder, CEO
Andrew Hoog, Co-Founder/Board Member
Company data provided by Crunchbase