Our client is looking to hire a Product Security Engineer (Mobile Apllications).
Description:
Product Security Engineer will be responsible for end-to-end security testing with a focus on Android/iOS application security. The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, and contribute to the advancement of the team.
Summary:
- Mobile Application Security Engineer will be responsible for conducting manual and automated Security testing and requirements verification such as MASVS/CWEs on iOS/Android application
- Perform security assessment, and penetration testing including but not limited to mobile application binary analysis, source code review, IPC, and SDK analysis
- Experience analyzing the application sandbox on iOS and Android privilege issues[D(1]
- Participate in the mobile application development, and facilitate the security requirements development and verification
- Identify hardcoded secrets, insecure storage, insecure communication, improper permissions, sensitive disclosure, and insecure use and validation of data entering platform features (i.e. DeepLinks, Exported Activities/Content Providers).
- Identify weak or deprecated algorithms used in 3rd party and internal libraries
- Produce reports/artifacts, recommendations for remediations, and provide support to strengthen the security posture of Android/iOS applications
- Familiarity with Mobile Security Testing Guide and ability to leverage the framework and test both iOS and Android applications
- Participate in various security projects, technical design review, code review, and test specifications
- Identify the use of deprecated mobile components and methods such as WebViews and vulnerable programmatic deeplink handlers
Requirements:
- Hands-on experience performing security assessments on OS or application-level of iOS/Android applications
- The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, grow, and contribute to the advancement of the team
- Strong understanding of security testing framework for Android/iOS applications (e.g., OWASP, SANS)
- Advance skills in secure coding best practices in any programming languages such as C/C++, Java, Objective C, Swift, SwiftUI, Kotlin, and Python
- Knowledge of Inter Process Communication (IPC) on Mobile Platforms
- Proficient in writing scripts in various languages such as Bash, and Python
- Proficient knowledge of APIs, and authentication protocols such as OAuth, SAML, etc.
- Knowledge of software development lifecycle (SDLC), cloud security, and iOS/Android reverse engineering
Hand-On experience on testing tools such as Burp Suite, Frida, dissemblers, debuggers, dynamic instrumentations, and static code analysis
Ability to articulate complex technical concepts to a non-technical audience
Experience mobile application CI/CD pipeline
Generating test reports, and recommending the appropriate course of action, and supporting the mitigation and re-validation efforts
Qualifications:
- Bachelor’s degree (or higher) in Computer Science, Engineering or related discipline, or equivalent experience
- Strong background in security engineering, various authentication, and security protocols
- Strong understanding of Mobile OS security internals
- Hand-On experience with security testing tools, standards, and best practices
- Deep experience in mobile security, obfuscation techniques, and reverse engineering
- Strong knowledge and understanding of X.509, SSL/TLS certificate, and general certificate management process
Who is Calance?
Calance is a global IT company with operations in the United States, Canada and India. Over the years, Calance has grown organically and has acquired numerous successful IT Services firms along the way. As a result, the company today is a mix of diverse cultures, talents and expertise that collaborate globally to bring our best capabilities and thinking to clients. Calance also offers benefits which includes Medical, Dental, Vision care and 401K.
Calance - the place to grow.
www.calance.com
Pay Range - $45-$55/Hr