Description:
The Product Security Engineer will be responsible for comprehensive security testing, primarily focusing on Android and iOS application security. This role demands a highly technical, passionate, and autonomous individual who is driven by the desire to learn, problem-solve, and contribute to the team's overall success.

Summary of Responsibilities:

• Conduct both manual and automated security testing and requirements verification (e.g., MASVS/CWEs) for iOS and Android applications.
• Execute security assessments and penetration tests, encompassing mobile application binary analysis, source code review, IPC, and SDK analysis.
• Analyze application sandbox privilege issues on iOS and Android.
• Engage in mobile application development, facilitating security requirements development and verification.
• Detect hardcoded secrets, insecure storage, communication flaws, improper permissions, sensitive disclosures, and insecure data validation (e.g., DeepLinks, Exported Activities/Content Providers).
• Identify weak or deprecated algorithms in both third-party and internal libraries.
• Generate detailed reports, offer remediation recommendations, and support the enhancement of the security posture for Android and iOS applications.
• Utilize the Mobile Security Testing Guide to frame and execute tests on iOS and Android applications.
• Participate in various security projects, including technical design reviews, code reviews, and test specifications.
• Recognize the use of deprecated mobile components and methods, such as WebViews and vulnerable programmatic deeplink handlers.

Requirements:

• Proven experience in conducting security assessments at the OS or application level for iOS/Android applications.
• The ideal candidate is a highly technical, passionate, and self-driven individual who thrives on learning, problem-solving, and team growth.
• In-depth understanding of security testing frameworks for Android/iOS applications (e.g., OWASP, SANS).
• Advanced skills in secure coding best practices across multiple programming languages (e.g., C/C , Java, Objective-C, Swift, SwiftUI, Kotlin, Python).
• Proficiency in Inter-Process Communication (IPC) on mobile platforms.
• Expertise in scripting languages (e.g., Bash, Python).
• Strong knowledge of APIs and authentication protocols (e.g., OAuth, SAML).
• Understanding of the software development lifecycle (SDLC), cloud security, and reverse engineering for iOS/Android.
• Hands-on experience with testing tools such as Burp Suite, Frida, disassemblers, debuggers, dynamic instrumentation, and static code analysis.
• Ability to convey complex technical concepts to a non-technical audience.
• Experience with mobile application CI/CD pipelines.
• Competency in generating test reports, recommending appropriate actions, and supporting mitigation and re-validation efforts.

Qualifications:

• Bachelor’s degree (or higher) in Computer Science, Engineering, or a related discipline, or equivalent experience.
• Strong background in security engineering, including various authentication and security protocols.
• Comprehensive understanding of mobile OS security internals.
• Hands-on experience with security testing tools, standards, and best practices.
• Extensive experience in mobile security, obfuscation techniques, and reverse engineering.
• Solid knowledge of X.509, SSL/TLS certificates, and general certificate management processes.

Job Type: Full-time

Pay: $65.39 - $70.43 per hour

Expected hours: 40 per week

Benefits:

• 401(k) matching
• Dental insurance
• Health insurance
• Life insurance
• Vision insurance

Compensation package:

• Bonus opportunities

Experience level:

• 10 years
• 11 years

Schedule:

• 8 hour shift

Experience:

• Linux: 1 year (Preferred)
• Application security: 1 year (Required)

Work Location: On the road