Description:
Product Security Engineer will be responsible for end-to-end security testing with a focus on Android/iOS application security. The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, and contribute to the advancement of the team.
Summary:
- Mobile Application Security Engineer will be responsible for conducting manual and automated security testing and requirements verification, such as MASVS/CWEs, on iOS/Android applications
- Perform security assessments and penetration testing, including but not limited to mobile application binary analysis, source code review, IPC, and SDK analysis
- Experience analyzing the application sandbox on iOS and Android privilege issues
- Participate in mobile application development, and facilitate security requirements development and verification
- Identify hardcoded secrets, insecure storage, insecure communication, improper permissions, sensitive disclosure, and insecure use and validation of data entering platform features (i.e. DeepLinks, Exported Activities/Content Providers)
- Identify weak or deprecated algorithms used in 3rd party and internal libraries
- Produce reports/artifacts, recommendations for remediations, and provide support to strengthen the security posture of Android/iOS applications
- Familiarity with Mobile Security Testing Guide and ability to leverage the framework and test both iOS and Android applications
- Participate in various security projects, technical design review, code review, and test specifications
- Identify the use of deprecated mobile components and methods such as WebViews and vulnerable programmatic deeplink handlers
Requirements:
- Hands-on experience performing security assessments at the OS or application level of iOS/Android applications
- Strong understanding of security testing frameworks for Android/iOS applications (e.g., OWASP, SANS)
- Advanced skills in secure coding best practices in programming languages such as C/C++, Java, Objective-C, Swift, SwiftUI, Kotlin, and Python
- The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, grow, and contribute to the advancement of the team
- Knowledge of Inter Process Communication (IPC) on Mobile Platforms
- Proficient in writing scripts in various languages such as Bash and Python
- Proficient knowledge of APIs and authentication protocols such as OAuth and SAML
- Knowledge of software development lifecycle (SDLC), cloud security, and iOS/Android reverse engineering
- Hands-on experience with testing tools such as Burp Suite, Frida, disassemblers, debuggers, dynamic instrumentation, and static code analysis
- Ability to articulate complex technical concepts to a non-technical audience
- Experience with mobile application CI/CD pipelines
- Generating test reports, recommending the appropriate course of action, and supporting the mitigation and re-validation efforts
Qualifications:
- Bachelor's degree (or higher) in Computer Science, Engineering or related discipline, or equivalent experience
- Strong background in security engineering, various authentication, and security protocols
- Strong understanding of Mobile OS security internals
- Hands-on experience with security testing tools, standards, and best practices
- Deep experience in mobile security, obfuscation techniques, and reverse engineering
- Strong knowledge and understanding of X.509, SSL/TLS certificates, and the general certificate management process