IT Security Analyst - Penetration Testing

Job Description Role Overview: You have an amazing opportunity as an IT Security Analyst (Mobile Application & Thick Client Penetration Testing) within the Global Business Services division of Wolters Kluwer. Your role will be integral in ensuring the operation and delivery of critical security services to protect and enhance the confidentiality, integrity, and availability of Wolters Kluwer assets. This position is remote, offering you the flexibility to work from anywhere. Key Responsibilities: - Perform deep-dive mobile assessments by conducting manual penetration testing and runtime manipulation on complex iOS and Android applications, with a specific focus on identifying logic flaws and vulnerabilities in hybrid frameworks. - Conduct thick client and protocol analysis by reverse engineering desktop applications such as .NET, C++, and Java, and intercept non-proprietary traffic to identify security gaps in both legacy and modern client-server architectures. - Develop custom exploits beyond automated scanning tools by writing scripts in languages like Python and Frida to demonstrate proof-of-concept exploits and bypass client-side controls. - Collaborate with developers to provide code-level guidance and secure design patterns for strategic remediation, ensuring root causes of security issues are addressed effectively. - Create internal tools and integrate security checks into the CI/CD pipeline to scale offensive security capabilities through tooling and automation. Qualifications Required: - Proficiency in systems configuration, data gathering, and information synthesis in various areas of IT security, particularly in penetration testing. - Experience in conducting mobile assessments, reverse engineering desktop applications, and developing custom exploits to enhance security measures. - Strong communication skills to interface with internal business unit IT representatives and stakeholders at all levels during the performance of your duties. (Additional details of the company were not provided in the job description.) Role Overview: You have an amazing opportunity as an IT Security Analyst (Mobile Application & Thick Client Penetration Testing) within the Global Business Services division of Wolters Kluwer. Your role will be integral in ensuring the operation and delivery of critical security services to protect and enhance the confidentiality, integrity, and availability of Wolters Kluwer assets. This position is remote, offering you the flexibility to work from anywhere. Key Responsibilities: - Perform deep-dive mobile assessments by conducting manual penetration testing and runtime manipulation on complex iOS and Android applications, with a specific focus on identifying logic flaws and vulnerabilities in hybrid frameworks. - Conduct thick client and protocol analysis by reverse engineering desktop applications such as .NET, C++, and Java, and intercept non-proprietary traffic to identify security gaps in both legacy and modern client-server architectures. - Develop custom exploits beyond automated scanning tools by writing scripts in languages like Python and Frida to demonstrate proof-of-concept exploits and bypass client-side controls. - Collaborate with developers to provide code-level guidance and secure design patterns for strategic remediation, ensuring root causes of security issues are addressed effectively. - Create internal tools and integrate security checks into the CI/CD pipeline to scale offensive security capabilities through tooling and automation. Qualifications Required: - Proficiency in systems configuration, data gathering, and information synthesis in various areas of IT security, particularly in penetration testing. - Experience in conducting mobile assessments, reverse engineering desktop applications, and developing custom exploits to enhance security measures. - Strong communication skills to interface with internal business unit IT representatives and stakeholders at all levels during the performance of your duties. (Additional details of the company were not provided in the job description.)