Android IOS Security Engineer

Job Title: Android IOS Security Engineer

Location: Hybrid (Plano, TX)

Description:

Product Security Engineer will be responsible for end-to-end security testing with a focus on Android/iOS application security. The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, and contribute to the advancement of the team.

Summary:

• Mobile Application Security Engineer will be responsible for conducting manual and automated Security testing and requirements verification such as MASVS/CWEs on iOS/Android application
• Perform security assessment, and penetration testing including but not limited to mobile application binary analysis, source code review, IPC, and SDK analysis
• Experience analyzing the application sandbox on iOS and Android privilege issues[D(1]
• Participate in the mobile application development, and facilitate the security requirements development and verification
• Identify hardcoded secrets, insecure storage, insecure communication, improper permissions, sensitive disclosure, and insecure use and validation of data entering platform features (i.e. DeepLinks, Exported Activities/Content Providers).
• Identify weak or deprecated algorithms used in 3rd party and internal libraries
• Produce reports/artifacts, recommendations for remediations, and provide support to strengthen the security posture of Android/iOS applications
• Familiarity with Mobile Security Testing Guide and ability to leverage the framework and test both iOS and Android applications
• Participate in various security projects, technical design review, code review, and test specifications
• Identify the use of deprecated mobile components and methods such as WebViews and vulnerable programmatic deeplink handlers

Requirements

• Hands-on experience performing security assessments on OS or application-level of iOS/Android applications
• Strong understanding of security testing framework for Android/iOS applications (e.g., OWASP, SANS)
• Advance skills in secure coding best practices in any programming languages such as C/C++, Java, Objective C, Swift, SwiftUI, Kotlin, and Python
• The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, grow, and contribute to the advancement of the team
• Knowledge of Inter Process Communication (IPC) on Mobile Platforms
• Proficient in writing scripts in various languages such as Bash, and Python
• Proficient knowledge of APIs, and authentication protocols such as OAuth, SAML, etc.
• Knowledge of software development lifecycle (SDLC), cloud security, and iOS/Android reverse engineering
• Hand-On experience on testing tools such as Burp Suite, Frida, dissemblers, debuggers, dynamic instrumentations, and static code analysis
• Ability to articulate complex technical concepts to a non-technical audience
• Experience mobile application CI/CD pipeline
• Generating test reports, and recommending the appropriate course of action, and supporting the mitigation and re-validation efforts

Qualifications:

• Bachelor’s degree (or higher) in Computer Science, Engineering or related discipline, or equivalent experience
• Strong background in security engineering, various authentication, and security protocols
• Strong understanding of Mobile OS security internals
• Hand-On experience with security testing tools, standards, and best practices
• Deep experience in mobile security, obfuscation techniques, and reverse engineering
• Strong knowledge and understanding of X.509, SSL/TLS certificate, and general certificate management process

Vital Tech Solutions is an Equal Opportunity Affirmative Action employer. We prohibit discrimination in decisions concerning recruitment, hiring, compensation, benefits promotions, training, termination or any other condition of employment or career development. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, veteran status, disability status or any other legally protected status.