Cinter Career is Hiring a Product Security Engineer - Mobile App Security Near Plano, TX
Job Description
Job Description
We are seeking a Product Security Engineer someone who will be responsible for end-to-end security testing with a focus on Android/iOS application security. The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, and contribute to the advancement of the team. Client (type/ industry): IT Solutions branch of a major Japanese company
Working Location: Preferred On-Site (Plano, TX), Hybrid (if necessary)
Employment Type: Contract (Contract: 6 months with possible extension)
Salary: Up to $69/h
Benefit: Full Benefits
VISA support: NO/ United States (Required)
Language: English
[Job Overview] Duties/Responsibilities:
Mobile Application Security Engineer will be responsible for conducting manual and automated Security testing and requirements verification such as MASVS/CWEs on iOS/Android application
Perform security assessment, and penetration testing including but not limited to mobile application binary analysis, source code review, IPC, and SDK analysis
Experience analyzing the application sandbox on iOS and Android privilege issues[D(1]
Participate in the mobile application development, and facilitate the security requirements development and verification
Identify hardcoded secrets, insecure storage, insecure communication, improper permissions, sensitive disclosure, and insecure use and validation of data entering platform features (i.e. DeepLinks, Exported Activities/Content Providers).
Identify weak or deprecated algorithms used in 3rd party and internal libraries
Produce reports/artifacts, recommendations for remediations, and provide support to strengthen the security posture of Android/iOS applications
Familiarity with Mobile Security Testing Guide and ability to leverage the framework and test both iOS and Android applications
Participate in various security projects, technical design review, code review, and test specifications
Identify the use of deprecated mobile components and methods such as WebViews and vulnerable programmatic deeplink handlers
Requirements:
Hands-on experience performing security assessments on OS or application-level of iOS/Android applications
Strong understanding of security testing framework for Android/iOS applications (e.g., OWASP, SANS)
Advance skills in secure coding best practices in any programming languages such as C/C , Java, Objective C, Swift, SwiftUI, Kotlin, and Python
The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, grow, and contribute to the advancement of the team
Knowledge of Inter Process Communication (IPC) on Mobile Platforms
Proficient in writing scripts in various languages such as Bash, and Python
Proficient knowledge of APIs, and authentication protocols such as OAuth, SAML, etc.
Knowledge of software development lifecycle (SDLC), cloud security, and iOS/Android reverse engineering
Hand-On experience on testing tools such as Burp Suite, Frida, dissemblers, debuggers, dynamic instrumentations, and static code analysis
Ability to articulate complex technical concepts to a non-technical audience
Experience mobile application CI/CD pipeline
Generating test reports, and recommending the appropriate course of action, and supporting the mitigation and re-validation efforts
Qualifications:
Bachelor’s degree (or higher) in Computer Science, Engineering or related discipline, or equivalent experience
Strong background in security engineering, various authentication, and security protocols
Strong understanding of Mobile OS security internals
Hand-On experience with security testing tools, standards, and best practices
Deep experience in mobile security, obfuscation techniques, and reverse engineering
Strong knowledge and understanding of X.509, SSL/TLS certificate, and general certificate management process
Benefits:
Medical health insurance (including dental and vision)
Competitive paid time off and company paid holidays
Comp time for holidays worked
401k matching program
Company profit sharing
Merit increases and bonus structure
Professional development and education reimbursement