Product Security Engineer - Mobile App Security

Position Title : Product Security Engineer Mobile App Security

Location : Plano TX 75094 ( Hybrid 3 days a week )

Responsibilities:

The Mobile Application Security Engineer will be responsible for conducting manual and automated Security testing and requirements verification such as MASVS/CWEs on iOS/Android applications.

Perform security assessment and penetration testing including but not limited to mobile application binary analysis source code review IPC and SDK analysis.

Experience analyzing the application sandbox on iOS and Android privilege issuesD(1.

Participate in the mobile application development and facilitate the security requirements development and verification.

Identify hardcoded secrets insecure storage insecure communication improper permissions sensitive disclosure and insecure use and validation of data entering platform features (i.e. DeepLinks Exported Activities/Content Providers).

Identify weak or deprecated algorithms used in 3rd party and internal libraries.

Produce reports/artifacts recommendations for remediations and provide support to strengthen the security posture of Android/iOS applications.

Familiarity with the Mobile Security Testing Guide and ability to leverage the framework and test both iOS and Android applications.

Participate in various security projects technical design reviews code reviews and test specifications.

Identify the use of deprecated mobile components and methods such as WebViews and vulnerable programmatic deep link handlers.

Requirements:

Handson experience performing security assessments on OS or applicationlevel iOS/Android applications.

Strong understanding of security testing framework for Android/iOS applications (e.g. OWASP SANS).

Advanced skills in secure coding best practices in any programming languages such as C/C Java Objective C Swift SwiftUI Kotlin and Python.

The successful candidate will be a highly technical passionate and selfdriven individual who loves to learn solve problems grow and contribute to the advancement of the team.

Knowledge of InterProcess Communication (IPC) on Mobile Platforms.

Proficient in writing scripts in various languages such as Bash and Python.

Proficient knowledge of APIs and authentication protocols such as OAuth SAML etc.

Knowledge of software development lifecycle (SDLC) cloud security and iOS/Android reverse engineering.

Handon experience with testing tools such as Burp Suite Frida dissemblers debuggers dynamic instrumentations and static code analysis.

Ability to articulate complex technical concepts to a nontechnical audience.

Experience in mobile application CI/CD pipeline.

Generating test reports recommending the appropriate course of action and supporting the mitigation and revalidation efforts.

Qualifications:

Bachelors degree (or higher) in Computer Science Engineering or related discipline or equivalent experience.

Strong background in security engineering various authentication and security protocols.

Strong understanding of Mobile OS security internals.

Handon experience with security testing tools standards and best practices.

Deep experience in mobile security obfuscation techniques and reverse engineering.

Strong knowledge and understanding of X.509 SSL/TLS certificate and general certificate management process.