We are seeking a Product Security Engineer who will be responsible for end-to-end security testing with a focus on Android/iOS application security. The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, and contribute to the advancement of the team.
- Client (type/industry): IT Solutions branch of a major Japanese company
- Working Location: Preferred On-Site (Plano, TX), Hybrid (if necessary)
- Employment Type: Contract (Contract: 6 months with possible extension)
- Salary: Up to $69/h
- Benefit: Full Benefits
- VISA support: NO / United States (Required)
- Language: English
[Job Overview]
Duties/Responsibilities:
- Mobile Application Security Engineer will be responsible for conducting manual and automated security testing and requirements verification such as MASVS/CWEs on iOS/Android applications
- Perform security assessment and penetration testing, including but not limited to mobile application binary analysis, source code review, IPC, and SDK analysis
- Experience analyzing the application sandbox on iOS and Android privilege issues
- Participate in mobile application development, and facilitate security requirements development and verification
- Identify hardcoded secrets, insecure storage, insecure communication, improper permissions, sensitive disclosure, and insecure use and validation of data entering platform features (i.e. DeepLinks, Exported Activities/Content Providers)
- Identify weak or deprecated algorithms used in 3rd party and internal libraries
- Produce reports/artifacts and recommendations for remediation, and provide support to strengthen the security posture of Android/iOS applications
- Familiarity with the Mobile Security Testing Guide and ability to leverage the framework to test both iOS and Android applications
- Participate in various security projects, technical design reviews, code reviews, and test specifications
- Identify the use of deprecated mobile components and methods such as WebViews and vulnerable programmatic deeplink handlers
Requirements:
- Hands-on experience performing security assessments at the OS or application level of iOS/Android applications
- Strong understanding of security testing frameworks for Android/iOS applications (e.g., OWASP, SANS)
- Advanced skills in secure coding best practices in programming languages such as C/C++, Java, Objective-C, Swift, SwiftUI, Kotlin, and Python
- The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, grow, and contribute to the advancement of the team
- Knowledge of Inter-Process Communication (IPC) on mobile platforms
- Proficient in writing scripts in various languages such as Bash and Python
- Proficient knowledge of APIs and authentication protocols such as OAuth, SAML, etc.
- Knowledge of the software development lifecycle (SDLC), cloud security, and iOS/Android reverse engineering
- Hands-on experience with testing tools such as Burp Suite, Frida, disassemblers, debuggers, dynamic instrumentation, and static code analysis
- Ability to articulate complex technical concepts to a non-technical audience
- Experience with mobile application CI/CD pipelines
- Generating test reports, recommending the appropriate course of action, and supporting the mitigation and re-validation efforts
Qualifications:
- Bachelor’s degree (or higher) in Computer Science, Engineering or related discipline, or equivalent experience
- Strong background in security engineering, various authentication, and security protocols
- Strong understanding of mobile OS security internals
- Hands-on experience with security testing tools, standards, and best practices
- Deep experience in mobile security, obfuscation techniques, and reverse engineering
- Strong knowledge and understanding of X.509, SSL/TLS certificates, and the general certificate management process
Benefits:
- Medical health insurance (including dental and vision)
- Competitive paid time off and company paid holidays
- Comp time for holidays worked
- 401k matching program
- Company profit sharing
- Merit increases and bonus structure
- Professional development and education reimbursement