Beacon Hill Staffing Group - Topeka, KS
posted about 1 month ago
About the position
We are seeking skilled Sr. Application Security Engineers, Application Security Engineers, and Software Security Specialists to join our team. The ideal candidate will specialize in secure code development and review, software security and vulnerability scanning, DevSecOps practices, threat modeling, and ensuring our codebase is secure and free from exploits and vulnerabilities. This role involves collaborating with cross-functional teams to integrate security into all stages of the software development lifecycle (SDLC), with a specific focus on mobile application development for iOS and Android platforms. This role offers the opportunity to make a significant positive impact on the security posture of our global clients.
Responsibilities
- Implement and promote secure coding practices in mobile application development for iOS and Android platforms.
- Identify and address platform-specific security vulnerabilities in iOS and Android applications.
- Perform manual and automated code reviews of mobile applications to detect security flaws and ensure compliance with security standards.
- Conduct regular vulnerability assessments on mobile applications and manage remediation efforts.
- Integrate security tools and processes into mobile CI/CD pipelines, automating security testing and compliance checks for iOS and Android deployments.
- Conduct threat modeling exercises specific to mobile applications to identify potential security threats and recommend mitigation strategies.
- Perform security assessments, including penetration testing and application security testing on mobile platforms.
- Develop and enforce security policies, standards, and guidelines tailored to mobile application development, ensuring compliance with industry regulations.
- Provide training and guidance on secure coding practices for mobile development teams and educate them on emerging mobile security threats.
- Work closely with mobile development, QA, and operations teams to embed security throughout the mobile application SDLC.
- Monitor mobile applications for security incidents and participate in incident response efforts related to mobile platforms.
Requirements
- Bachelor's degree in Computer Science, Information Security, or related field.
- Extensive experience in software development and application security, with a focus on mobile applications for iOS and Android.
- Proficiency in programming languages used in mobile development, such as Swift, Objective-C, Java, and Kotlin.
- Knowledge of common mobile security vulnerabilities (e.g., OWASP Mobile Top Ten) and remediation techniques.
- Experience with mobile security tools (SAST, DAST, mobile application security testing tools).
- Familiarity with mobile DevSecOps practices and CI/CD tools specific to mobile app deployment.
- Understanding of iOS and Android security frameworks, APIs, and best practices.
Nice-to-haves
- Certifications such as CISSP, CSSLP, CEH, or GMOB (GIAC Mobile Device Security Analyst).
- Experience with mobile application security testing tools (e.g., MobSF, Drozer, Frida).
- Knowledge of secure app distribution methods and protection against reverse engineering and tampering.
- Understanding of App Store and Google Play Store security guidelines and compliance requirements.
- Experience with mobile encryption techniques, secure storage, and key management.
