Tech Lead (Mobile App Auditor)

NorthStar HR Consultants

India, Maharashtra Full-Time On-site
Posted 1 day ago Apply by June 9, 2026

Job Description

Job Title - Tech Lead (Mobile App Auditor)

Job Location - Remote (would require visit to Pune once in a quarter)


About the role

As Tech Lead, you will own the technical direction and execution of a product that turns real mobile app behavior into audit-ready evidence and developer-actionable fixes. Privacy enforcement is getting stricter and more technical.

Our client is explicitly hiring research/technology experts to perform privacy and security audits—another signal that audits are becoming engineering-grade. Mobile is where the truth is hardest to see and hardest to prove. SDKs evolve quickly, consent behavior changes by region, and many apps ship with anti-tamper protections that resist analysis.

This role is for a strong engineer with 5+ years of experience who wants broader ownership: you’ll partner with Product and tech leadership on the roadmap, lead execution end-to-end, and scale a high-availability scanning platform (devices + backend + distributed execution) that enterprises rely on.

The product you’ll build: Mobile App Auditor is positioned as a continuous mobile privacy auditing platform for iOS and Android apps.

It is designed to:

  • Scan mobile apps (iOS and Android) and evaluate privacy compliance by location.
  • Simulate real consent actions—including accept, reject, and no action—to observe how behavior changes.
  • Detect SDKs and data flows to third parties, helping teams understand what personal data is collected/shared and where it goes (including cross-border flows).
  • Produce actionable outputs that teams can use to remediate issues, supported by evidence from runtime behavior.

As Tech Lead, you will own the engine behind this: the runtime execution environment, consent simulations, traffic capture and analysis, evidence pipeline, backend services, and the reliability of the device infrastructure that powers it.


What you will do

1) Tech leadership and roadmap execution

  • Collaborate with the Product Manager and engineering leadership on roadmap, milestones, and technical strategy.
  • Own end-to-end execution: architecture, design reviews, delivery plans, quality gates, and launch readiness.
  • Define and track success metrics (scan reliability, coverage, throughput, evidence quality, latency, and SLA performance).

2) Build and scale the distributed audit engine

  • Design and scale distributed systems for scan orchestration using queues (prioritization, retries, idempotency, backpressure, isolation, multi-tenant fairness).
  • Own reliability and observability across the pipeline: structured logs, traces, scan artifacts, failure classification, and automated diagnostics.
  • Drive performance improvements across scan time, concurrency, and infrastructure cost.

3) Mobile runtime research leadership (Android + iOS)

  • Lead strategies to run hardened apps reliably in authorized test environments, including:
      ○ Certificate/SSL pinning, runtime integrity checks, anti-debugging, emulator detection, root/jailbreak detection, and tamper detection.
  • Build reusable toolkits and runbooks (Frida scripts, ADB workflows, iOS debugging workflows, traffic capture/analysis helpers).
  • Maintain a knowledge base of patterns by SDK, framework, and protection vendor, including mitigations and known limitations.

4) Consent simulation and evidence-grade findings

  • Own consent-driven testing flows (accept, reject, no action) and validate how data flows and SDK behaviors change.
  • Improve explainability and evidence quality so outputs are customer-ready and developer-ready (what happened, under which conditions, what data elements, which SDK/endpoint, and how to reproduce).
  • Turn recurring findings into platform improvements and safer defaults.

5) Own device infrastructure, vendor relationships, and uptime SLAs

  • Own the device and execution infrastructure (Android + iOS) including capacity planning, stability, and cost-performance.
  • Manage vendor relationships for device farms and supporting infrastructure. Own evaluation, contracting inputs, renewals, and escalation paths.
  • Define and own SLAs for device uptime and scan execution reliability (availability, success rate, MTTR).
  • Drive incident response, postmortems, and systemic fixes with strong operational rigor.

6) Customer impact and escalation leadership

  • Partner with CSM and incident response workflows to unblock high-priority customer issues.
  • Join customer calls when needed to troubleshoot live, explain constraints clearly, and align on next steps.
  • Convert escalations into durable product improvements and better automation.


Qualifications

Must-have

  • 5+ years of professional engineering experience with readiness to take broader ownership as a tech lead (roadmap execution, quality, operations).
  • Strong hands-on experience with Android and iOS debugging in real-world apps.
  • Proven runtime instrumentation experience (Frida or equivalent) and network debugging (MITM tooling, TLS/cert fundamentals).
  • Experience building and/or analyzing mobile anti-tampering / security controls such as root/jailbreak detection and SSL/certificate pinning, and ability to reason about runtime integrity and anti-debugging patterns.

Strong backend experience in at least one of:

  1. Java with Spring Boot
  2. Python with Django
  3. Equivalent backend stacks with production ownership
  • Experience designing and scaling distributed systems using queues and async workers (retries, idempotency, backpressure).
  • Ability to write clear runbooks, drive root-cause analysis, and improve systems with measurable outcomes.

Nice-to-have

  • Rooted Android and Magisk experience, including creating or modifying modules for testing.
  • Familiarity with Play Integrity API / SafetyNet realities and practical debugging in hardened environments.
  • Knowledge of mobile protection/obfuscation ecosystems (anti-hooking, anti-debugging, runtime integrity).
  • Exposure to React Native, Flutter, and native stacks.