Product Security Engineer – Mobile App Security

Industry:

Company: Cinter Career Services

We are seeking a Product Security Engineersomeone who will be responsible for end-to-end security testing with a focus on Android/iOS application security. The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, and contribute to the advancement of the team.

Client (type/ industry): IT Solutions branch of a major Japanese company

• Working Location: Preferred On-Site (Plano, TX), Hybrid (if necessary)
• Employment Type: Contract (Contract: 6 months with possible extension)
• Salary: Up to $69/h
• Benefit: Full Benefits
• VISA support: NO/ United States (Required)
• Language: English

[Job Overview]
Duties/Responsibilities:

• Mobile Application Security Engineer will be responsible for conducting manual and automated Security testing and requirements verification such as MASVS/CWEs on iOS/Android application
• Perform security assessment, and penetration testing including but not limited to mobile application binary analysis, source code review, IPC, and SDK analysis
• Experience analyzing the application sandbox on iOS and Android privilege issues[D(1]
• Participate in the mobile application development, and facilitate the security requirements development and verification
• Identify hardcoded secrets, insecure storage, insecure communication, improper permissions, sensitive disclosure, and insecure use and validation of data entering platform features (i.e. DeepLinks, Exported Activities/Content Providers).
• Identify weak or deprecated algorithms used in 3rd party and internal libraries
• Produce reports/artifacts, recommendations for remediations, and provide support to strengthen the security posture of Android/iOS applications
• Familiarity with Mobile Security Testing Guide and ability to leverage the framework and test both iOS and Android applications
• Participate in various security projects, technical design review, code review, and test specifications
• Identify the use of deprecated mobile components and methods such as WebViews and vulnerable programmatic deeplink handlers

Requirements:

• Hands-on experience performing security assessments on OS or application-level of iOS/Android applications
• Strong understanding of security testing framework for Android/iOS applications (e.g., OWASP, SANS)
• Advance skills in secure coding best practices in any programming languages such as C/C++, Java, Objective C, Swift, SwiftUI, Kotlin, and Python
• The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, grow, and contribute to the advancement of the team
• Knowledge of Inter Process Communication (IPC) on Mobile Platforms
• Proficient in writing scripts in various languages such as Bash, and Python
• Proficient knowledge of APIs, and authentication protocols such as OAuth, SAML, etc.
• Knowledge of software development lifecycle (SDLC), cloud security, and iOS/Android reverse engineering
• Hand-On experience on testing tools such as Burp Suite, Frida, dissemblers, debuggers, dynamic instrumentations, and static code analysis
• Ability to articulate complex technical concepts to a non-technical audience
• Experience mobile application CI/CD pipeline
• Generating test reports, and recommending the appropriate course of action, and supporting the mitigation and re-validation efforts

Qualifications:

• Bachelor’s degree (or higher) in Computer Science, Engineering or related discipline, or equivalent experience
• Strong background in security engineering, various authentication, and security protocols
• Strong understanding of Mobile OS security internals
• Hand-On experience with security testing tools, standards, and best practices
• Deep experience in mobile security, obfuscation techniques, and reverse engineering
• Strong knowledge and understanding of X.509, SSL/TLS certificate, and general certificate management process

Benefits:

• Medical health insurance (including dental and vision)
• Competitive paid time off and company paid holidays
• Comp time for holidays worked
• 401k matching program
• Company profit sharing
• Merit increases and bonus structure
• Professional development and education reimbursement