Vital Tech Solutions (F/K/A Westbe) - Dallas, TX

posted 2 months ago

Full-time
Dallas, TX

About the position

The Mobile Application Security Engineer will play a crucial role in ensuring the security of mobile applications by conducting comprehensive security testing and requirements verification for both Android and iOS platforms. This position requires a highly technical and passionate individual who is self-driven and eager to learn and solve complex problems. The successful candidate will be responsible for end-to-end security testing, focusing on manual and automated security assessments, including the Mobile Application Security Verification Standard (MASVS) and Common Weakness Enumerations (CWEs).

In this role, the engineer will perform security assessments and penetration testing, which includes mobile application binary analysis, source code review, inter-process communication (IPC) analysis, and software development kit (SDK) analysis. The engineer will also analyze application sandbox privilege issues on both iOS and Android platforms. Participation in mobile application development is essential, as the engineer will facilitate the development and verification of security requirements.

The engineer will be tasked with identifying various security vulnerabilities, such as hardcoded secrets, insecure storage, insecure communication, improper permissions, sensitive data disclosures, and insecure data validation within platform features like DeepLinks and Exported Activities/Content Providers. Additionally, the engineer will identify weak or deprecated algorithms used in third-party and internal libraries.

The role involves producing detailed reports and artifacts, providing recommendations for remediation, and supporting efforts to strengthen the security posture of mobile applications. Familiarity with the Mobile Security Testing Guide is necessary, as the engineer will leverage this framework to test both iOS and Android applications.

The engineer will also participate in various security projects, technical design reviews, code reviews, and test specifications, while identifying deprecated mobile components and methods, such as WebViews and vulnerable programmatic deeplink handlers. This position is ideal for someone who is not only technically skilled but also enjoys contributing to the advancement of the team and the organization as a whole.

Responsibilities

  • Conduct manual and automated security testing for Android/iOS applications.
  • Perform security assessments and penetration testing, including mobile application binary analysis and source code review.
  • Analyze application sandbox privilege issues on iOS and Android.
  • Facilitate the development and verification of security requirements in mobile application development.
  • Identify security vulnerabilities such as hardcoded secrets, insecure storage, and improper permissions.
  • Produce reports and recommendations for remediation to strengthen application security.
  • Participate in security projects, technical design reviews, and code reviews.
  • Identify deprecated mobile components and methods used in applications.

Requirements

  • Hands-on experience performing security assessments on iOS/Android applications.
  • Strong understanding of security testing frameworks for mobile applications (e.g., OWASP, SANS).
  • Advanced skills in secure coding best practices in programming languages such as C/C++, Java, Objective-C, Swift, SwiftUI, Kotlin, and Python.
  • Knowledge of inter-process communication (IPC) on mobile platforms.
  • Proficient in writing scripts in languages such as Bash and Python.
  • Proficient knowledge of APIs and authentication protocols such as OAuth and SAML.
  • Knowledge of software development lifecycle (SDLC) and cloud security.
  • Hands-on experience with security testing tools such as Burp Suite, Frida, and static code analysis tools.
  • Ability to articulate complex technical concepts to a non-technical audience.
  • Experience with mobile application CI/CD pipelines.

Nice-to-haves

  • Experience with mobile security obfuscation techniques and reverse engineering.
  • Strong knowledge of X.509, SSL/TLS certificates, and certificate management processes.