Neumeric Technologies Corporation - Plano, TX

posted 4 months ago

Full-time - Mid Level
Plano, TX
Professional, Scientific, and Technical Services

About the position

The Product Security Engineer for Mobile Application Security will play a crucial role in ensuring the security of mobile applications, specifically focusing on Android and iOS platforms. This position requires a highly technical and passionate individual who is self-driven and eager to learn and solve complex problems. The engineer will be responsible for conducting comprehensive security testing, which includes both manual and automated assessments, to verify security requirements such as the Mobile Application Security Verification Standard (MASVS) and Common Weakness Enumerations (CWEs).

In this role, the engineer will perform security assessments and penetration testing, which encompasses mobile application binary analysis, source code review, inter-process communication (IPC) analysis, and software development kit (SDK) analysis. A significant part of the job involves analyzing the application sandbox on both iOS and Android platforms to identify privilege issues. The engineer will also participate in mobile application development, facilitating the development and verification of security requirements.

The engineer will be tasked with identifying various security vulnerabilities, including hardcoded secrets, insecure storage, insecure communication, improper permissions, sensitive data disclosures, and insecure data validation within platform features such as DeepLinks and Exported Activities/Content Providers. Additionally, the engineer will need to identify weak or deprecated algorithms used in third-party and internal libraries.

The role requires producing detailed reports and artifacts, offering remediation recommendations, and providing support to enhance the security posture of mobile applications. Familiarity with the Mobile Security Testing Guide is essential, as the engineer will leverage this framework to test both iOS and Android applications. Participation in various security projects, technical design reviews, code reviews, and test specifications will also be part of the responsibilities.

Responsibilities

  • Conduct manual and automated security testing for Android/iOS applications.
  • Perform security assessments and penetration testing, including mobile application binary analysis and source code review.
  • Analyze application sandbox privilege issues on iOS and Android.
  • Facilitate the development and verification of security requirements in mobile application development.
  • Identify vulnerabilities such as hardcoded secrets, insecure storage, and improper permissions.
  • Produce reports and recommendations for remediation to strengthen application security.
  • Participate in security projects, technical design reviews, and code reviews.
  • Identify deprecated mobile components and methods used in applications.

Requirements

  • Hands-on experience performing security assessments on iOS/Android applications.
  • Strong understanding of security testing frameworks for mobile applications (e.g., OWASP, SANS).
  • Advanced skills in secure coding best practices in languages such as C/C++, Java, Objective-C, Swift, SwiftUI, Kotlin, and Python.
  • Knowledge of Inter-Process Communication (IPC) on mobile platforms.
  • Proficient in writing scripts in languages such as Bash and Python.
  • Proficient knowledge of APIs and authentication protocols (e.g., OAuth, SAML).
  • Knowledge of software development lifecycle (SDLC) and cloud security.
  • Hands-on experience with security testing tools such as Burp Suite, Frida, and static code analysis tools.
  • Ability to articulate complex technical concepts to non-technical audiences.
  • Experience with mobile application CI/CD pipelines.

Nice-to-haves

  • Experience with mobile security obfuscation techniques and reverse engineering.
  • Strong knowledge of X.509, SSL/TLS certificates, and certificate management processes.