Job Summary
This role is responsible for leading and executing mobile application security testing across Android and iOS platforms, combining automated and manual assessment techniques to identify vulnerabilities in applications, APIs, and runtime behaviour. The role focuses on static and dynamic analysis, reverse engineering, runtime instrumentation, and validation against OWASP Mobile Application Security guidance, while partnering with development, QA, and Information Security teams to strengthen the security posture of mobile applications.
Key Responsibilities
Strategy
- Participate in mobile application security testing strategy for Android and iOS applications, ensuring assessments align with OWASP Mobile Application Security Verification Standard (MASVS) and the OWASP Mobile Application Security Testing Guide (MASTG).
- Drive the use of automated and manual testing approaches, including SAST, DAST, API security validation, and runtime instrumentation, to identify platform-specific and business logic weaknesses.
- Define and evolve mobile AppSec testing standards covering insecure storage, weak transport protection, authentication flaws, insecure platform interaction, reverse engineering risks, and resilience against tampering.
- Support the integration of mobile security testing into CI/CD workflows and provide technical input for scoping, effort estimation, and continuous improvement of the mobile security testing capability.
- Act as a trusted mobile security subject matter expert who can clearly communicate security risks, remediation priorities, and testing outcomes to technical and non-technical stakeholders.
Business
Partner with AppDev, QA, Product, and Information Security stakeholders to embed secure mobile testing practices into delivery cycles, support client discussions, and provide clear recommendations that reduce risk while enabling business delivery.
Processes
- Perform end-to-end mobile application security assessments for Android and iOS applications, including static analysis, dynamic analysis, API validation, and manual penetration testing.
- Use tools such as MobSF, NowSecure, Quokka, Frida, Objection, Burp Suite, Jadx, APKTool, Xposed, Charles Proxy, and Postman to identify vulnerabilities across code, runtime behaviour, network communication, and exposed APIs.
- Reverse engineer APKs and IPAs to uncover hardcoded secrets, insecure configurations, flawed trust implementations, weak cryptographic usage, and business logic issues.
- Prepare high-quality technical reports including severity or risk ratings, proof of concept evidence, exploitability context, and practical remediation guidance mapped to mobile security requirements and standards.
- Review junior analysts’ deliverables, mentor team members in mobile AppSec practices, and support pre-sales activities such as scoping, effort estimation, and technical solution discussions.
People & Talent
Mentor and train junior security analysts on Android and iOS testing approaches, tooling usage, reporting quality, and mobile application security fundamentals, while fostering strong collaboration across engineering and security teams.
Risk Management
- Act as the mobile application security SME for risk, audit, and regulatory engagements, ensuring identified vulnerabilities are accurately articulated, prioritised, and tracked through remediation.
- Support internal risk management processes by validating remediation, advising on secure coding controls, and highlighting mobile-specific risks such as insecure storage, weak certificate validation, jailbreak/root detection bypass, and runtime manipulation.
Governance
Prepare and maintain assessment metrics, testing quality standards, and reporting artefacts to support governance, service tracking, and continuous improvement of the mobile application security testing function.
Regulatory & Business Conduct
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key stakeholders
- Mobile Application Development Teams
- Quality Assurance, Product, and Release Management Teams
- Information Security, Risk, Audit, and Regulatory Stakeholders
- DevSecOps, CI/CD, and API Platform Teams
Skills and Experience
- Strong knowledge of mobile security architecture, Android and iOS internals, sandboxing, secure storage, transport security, and the OWASP MASVS / MASTG framework
- Hands-on experience with mobile security tools including MobSF, NowSecure, Quokka, Frida, Objection, Burp Suite, Jadx, APKTool, Charles Proxy, and API testing tools such as Postman or Insomnia
- Familiarity with mobile CI/CD security integration, automated scanning workflows, and secure release practices is desirable
- Advanced knowledge of mobile application security testing, manual penetration testing, reverse engineering, SSL pinning bypass, jailbreaking/rooting, and runtime analysis techniques
- Relevant hands-on experience in mobile application security testing, vulnerability assessment, and penetration testing across Android and iOS applications in enterprise environments
- Ability to analyse code and binaries, validate false positives, prioritise risk, provide remediation guidance, and communicate findings effectively to developers and stakeholders.
- Experience: 5+ years of in-depth, hands-on application development, hands-on working knowledge of security product management and application security technologies, and operational experience in a global environment.
Qualifications
Education: Degree in computer science, information security, engineering, or a related discipline
Training: Hands-on training in Android and iOS application security testing, reverse engineering, runtime instrumentation, and API security testing
Certifications: CEH, eMAPT, eWPTXv2 preferred; mobile security and penetration testing certifications are advantageous
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good, are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holidays, which combined come to a minimum of 30 days.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, a global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values-driven organisation, one that embraces and celebrates our unique diversity across our teams, business functions and geographies, where everyone feels respected and can realise their full potential.