Product Security Engineer - Mobile App Security
Plano, TX, United States
Are you passionate about safeguarding mobile applications and ensuring secure user experiences? Do you have a keen eye for identifying vulnerabilities and a proactive approach to mitigating security risks? If so, we invite you to join our dynamic team as a Product Security Engineer specializing in Mobile App Security.
The Product Security Engineer will be responsible for end–to–end security testing with a focus on Android/iOS application security. The successful candidate will be a highly technical, passionate, and self–driven individual who loves to learn, solve problems, and contribute to the advancement of the team.
Responsibilities: The Mobile Application Security Engineer will be responsible for conducting manual and automated security testing and requirements verification such as MASVS/CWEs on iOS/Android applications.
Perform security assessments and penetration testing, including but not limited to mobile application binary analysis, source code review, IPC, and SDK analysis.
Experience analyzing the application sandbox on iOS and Android privilege issues.
Participate in the mobile application development, and facilitate the security requirements development and verification.
Identify hardcoded secrets, insecure storage, insecure communication, improper permissions, sensitive disclosure, and insecure use and validation of data entering platform features (i.e. DeepLinks, Exported Activities/Content Providers).
Identify weak or deprecated algorithms used in 3rd party and internal libraries.
Produce reports/artifacts, recommendations for remediations, and provide support to strengthen the security posture of Android/iOS applications.
Familiarity with the Mobile Security Testing Guide and ability to leverage the framework and test both iOS and Android applications.
Participate in various security projects, technical design reviews, code reviews, and test specifications.
Identify the use of deprecated mobile components and methods such as WebViews and vulnerable programmatic deep link handlers.
Requirements: Hands–on experience performing security assessments on OS or application–level iOS/Android applications.
Strong understanding of security testing framework for Android/iOS applications (e.g., OWASP, SANS).
Advanced skills in secure coding best practices in any programming languages such as C/C++, Java, Objective C, Swift, SwiftUI, Kotlin, and Python.
The successful candidate will be a highly technical, passionate, and self–driven individual who loves to learn, solve problems, grow, and contribute to the advancement of the team.
Knowledge of Inter–Process Communication (IPC) on Mobile Platforms.
Proficient in writing scripts in various languages such as Bash and Python.
Proficient knowledge of APIs, and authentication protocols such as OAuth, SAML, etc.
Knowledge of software development lifecycle (SDLC), cloud security, and iOS/Android reverse engineering.
Hands–on experience with testing tools such as Burp Suite, Frida, disassemblers, debuggers, dynamic instrumentation, and static code analysis.
Ability to articulate complex technical concepts to a non–technical audience.
Experience in mobile application CI/CD pipeline.
Generating test reports, recommending the appropriate course of action, and supporting the mitigation and re–validation efforts.
Qualifications: Bachelor's degree (or higher) in Computer Science, Engineering, or related discipline, or equivalent experience.
Strong background in security engineering, various authentication, and security protocols.
Strong understanding of Mobile OS security internals.
Hands–on experience with security testing tools, standards, and best practices.
Deep experience in mobile security, obfuscation techniques, and reverse engineering.
Strong knowledge and understanding of X.509, SSL/TLS certificates, and the general certificate management process.
Benefits: 401(k).
Dental Insurance.
Health insurance.
Vision insurance.
We are an equal opportunity employer and value diversity, equality, inclusion, and respect for people.
The salary will be determined based on several factors including, but not limited to, location, relevant education, qualifications, experience, technical skills, and business needs.
Additional Responsibilities: Participate in OrangePeople monthly team meetings, and participate in team–building efforts.
Contribute to OrangePeople technical discussions, peer reviews, etc.
Contribute content and collaborate via the OP–Wiki/Knowledge Base.
Provide status reports to OP Account Management as requested.
About us:
OrangePeople is an Enterprise Architecture and Project Management solutions company. Our most valuable asset is our people: dynamic, creative thinkers who are passionate about doing quality work. As a member of the OrangePeople team, you will have access to industry–leading consulting practices, strategies & technologies, and innovative training & education. An ideal Orange Person is a technology leader with a proven track record of technical achievements and a strong process/methodology orientation.