Product Security Engineer – Mobile App Security
Contract
Job Type:
Contract
Industry:
Company: Cinter Career Services
We are seeking a Product Security Engineer who will be responsible for end-to-end security testing with a focus on Android/iOS application security. The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, and contribute to the advancement of the team.
Client (type/ industry): IT Solutions branch of a major Japanese company
- Working Location: Preferred On-Site (Plano, TX), Hybrid (if necessary)
- Employment Type: Contract (Contract: 6 months with possible extension)
- Salary: Up to $69/h
- Benefit: Full Benefits
- VISA support: NO/ United States (Required)
- Language: English
[Job Overview]
Duties/Responsibilities:
- Mobile Application Security Engineer will be responsible for conducting manual and automated security testing and requirements verification such as MASVS/CWEs on iOS/Android applications
- Perform security assessments and penetration testing, including but not limited to mobile application binary analysis, source code review, IPC, and SDK analysis
- Experience analyzing the application sandbox on iOS and Android privilege issues
- Participate in the mobile application development, and facilitate the security requirements development and verification
- Identify hardcoded secrets, insecure storage, insecure communication, improper permissions, sensitive disclosure, and insecure use and validation of data entering platform features (i.e. DeepLinks, Exported Activities/Content Providers).
- Identify weak or deprecated algorithms used in 3rd party and internal libraries
- Produce reports/artifacts, recommendations for remediations, and provide support to strengthen the security posture of Android/iOS applications
- Familiarity with Mobile Security Testing Guide and ability to leverage the framework and test both iOS and Android applications
- Participate in various security projects, technical design review, code review, and test specifications
- Identify the use of deprecated mobile components and methods such as WebViews and vulnerable programmatic deeplink handlers
Requirements:
- Hands-on experience performing security assessments on OS or application-level of iOS/Android applications
- Strong understanding of security testing framework for Android/iOS applications (e.g., OWASP, SANS)
- Advanced skills in secure coding best practices in any programming languages such as C/C++, Java, Objective-C, Swift, SwiftUI, Kotlin, and Python
- The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, grow, and contribute to the advancement of the team
- Knowledge of Inter Process Communication (IPC) on Mobile Platforms
- Proficient in writing scripts in various languages such as Bash and Python
- Proficient knowledge of APIs, and authentication protocols such as OAuth, SAML, etc.
- Knowledge of software development lifecycle (SDLC), cloud security, and iOS/Android reverse engineering
- Hands-on experience with testing tools such as Burp Suite, Frida, disassemblers, debuggers, dynamic instrumentation, and static code analysis
- Ability to articulate complex technical concepts to a non-technical audience
- Experience with mobile application CI/CD pipelines
- Generating test reports, recommending the appropriate course of action, and supporting the mitigation and re-validation efforts
Qualifications:
- Bachelor’s degree (or higher) in Computer Science, Engineering or related discipline, or equivalent experience
- Strong background in security engineering, various authentication, and security protocols
- Strong understanding of Mobile OS security internals
- Hands-on experience with security testing tools, standards, and best practices
- Deep experience in mobile security, obfuscation techniques, and reverse engineering
- Strong knowledge and understanding of X.509, SSL/TLS certificate, and general certificate management process
Benefits:
- Medical health insurance (including dental and vision)
- Competitive paid time off and company paid holidays
- Comp time for holidays worked
- 401k matching program
- Company profit sharing
- Merit increases and bonus structure
- Professional development and education reimbursement