Senior Application Security Engineer

About the position

The Senior Application Security Engineer will focus on enhancing the security of mobile applications developed for iOS and Android platforms. This role involves implementing secure coding practices, conducting vulnerability assessments, and integrating security into the software development lifecycle (SDLC). The engineer will collaborate with cross-functional teams to ensure that applications are secure and compliant with industry standards, making a significant impact on the security posture of global clients.

Responsibilities

• Implement and promote secure coding practices in mobile application development for iOS and Android platforms.
• Identify and address platform-specific security vulnerabilities in iOS and Android applications.
• Perform manual and automated code reviews of mobile applications to detect security flaws and ensure compliance with security standards.
• Conduct regular vulnerability assessments on mobile applications and manage remediation efforts.
• Integrate security tools and processes into mobile CI/CD pipelines, automating security testing and compliance checks for iOS and Android deployments.
• Conduct threat modeling exercises specific to mobile applications to identify potential security threats and recommend mitigation strategies.
• Perform security assessments, including penetration testing and application security testing on mobile platforms.
• Develop and enforce security policies, standards, and guidelines tailored to mobile application development, ensuring compliance with industry regulations.
• Provide training and guidance on secure coding practices for mobile development teams and educate them on emerging mobile security threats.
• Work closely with mobile development, QA, and operations teams to embed security throughout the mobile application SDLC.
• Monitor mobile applications for security incidents and participate in incident response efforts related to mobile platforms.

Requirements

• Bachelor's degree in Computer Science, Information Security, or related field.
• Extensive experience in software development and application security, with a focus on mobile applications for iOS and Android.
• Proficiency in programming languages used in mobile development, such as Swift, Objective-C, Java, and Kotlin.
• Knowledge of common mobile security vulnerabilities (e.g., OWASP Mobile Top Ten) and remediation techniques.
• Experience with mobile security tools (SAST, DAST, mobile application security testing tools).
• Familiarity with mobile DevSecOps practices and CI/CD tools specific to mobile app deployment.
• Understanding of iOS and Android security frameworks, APIs, and best practices.

Nice-to-haves

• Certifications such as CISSP, CSSLP, CEH, or GMOB (GIAC Mobile Device Security Analyst).
• Experience with mobile application security testing tools (e.g., MobSF, Drozer, Frida).
• Knowledge of secure app distribution methods and protection against reverse engineering and tampering.
• Understanding of App Store and Google Play Store security guidelines and compliance requirements.
• Experience with mobile encryption techniques, secure storage, and key management.