Sr. Application Security Engineer (seeking Mobile Development experience for iOS/Android)

Spectrum - Silver Spring, MD

posted about 1 month ago

Full-time - Mid Level
Silver Spring, MD
Telecommunications

About the position

As a Sr. Application Security Engineer at Warner Bros. Discovery, you will play a pivotal role within the Global Information and Content Security (GICS) team, focusing on the security of mobile applications across various platforms including iOS, Android, and hybrid environments. This position is designed for a professional who is not only technically proficient but also possesses the ability to collaborate effectively with software development and engineering teams. Your primary responsibility will be to ensure that secure architectures, patterns, and solutions are developed and maintained throughout the application lifecycle. You will work closely with product teams to build strong relationships that facilitate the implementation of effective security solutions for our products. In this role, you will be expected to maintain a comprehensive understanding of current and emerging secure mobile application technologies, products, and trends. You will install, configure, and maintain mobile app security assessment tools, ensuring they are integrated with existing CI/CD pipelines for automated and continuous security testing. Your expertise will extend to scanning applications on platforms such as AndroidTV, FireTV, and tvOS, providing a thorough security analysis. You will also develop and maintain scripts and tools for automating the upload of mobile binaries to security assessment tools, as well as generating and exporting security assessment reports. Customizing and optimizing reporting functionalities to meet organizational needs will be a key aspect of your responsibilities. You will collaborate with development and DevOps teams to integrate security assessment tools into the development lifecycle, ensuring that security is a fundamental component of the application development process. Additionally, you will monitor and troubleshoot any issues related to mobile app security assessment tools, ensuring they operate smoothly and are kept up to date with the latest security patches and updates. Your role will also involve sharing knowledge with team members and product teams, staying informed about the latest application security threats, vulnerabilities, and exploits to proactively address potential risks.

Responsibilities

  • Maintain knowledge of current and emerging secure mobile application technologies/products/trends
  • Install, configure, and maintain Mobile app security assessment tools for mobile application security assessments (iOS, Android, Roku, etc.)
  • Integrate Mobile app security assessment tools with existing CI/CD pipelines to ensure automated and continuous security testing
  • Extend Mobile app security assessment to scan AndroidTV, FireTV and tvOS applications for comprehensive security analysis
  • Develop and maintain scripts and tools for automated uploading of mobile binaries to Mobile app security assessment tools
  • Automate the generation and export of security assessment reports
  • Customize and optimize the Mobile app security assessment tools reporting functionality to meet organizational needs
  • Ensure the accuracy and comprehensiveness of the security assessment reports
  • Work closely with the development and DevOps teams to integrate Mobile app security assessment tools into the development lifecycle
  • Collaborate with security analysts to interpret and act on the findings from the Mobile app security assessment tools reports
  • Monitor and troubleshoot Mobile app security assessment tools-related issues and ensure the platform is running smoothly
  • Keep Mobile app security assessment tools and related tools up to date with the latest security patches and updates

Requirements

  • Proven experience in mobile application security testing and automation
  • Knowledge of security best practices and common mobile application vulnerabilities
  • Hands-on experience with containerization technologies (Docker, Kubernetes) is a plus
  • Proven experience building tools and automation to support an Application Security team
  • Strong understanding of software development methodologies and secure coding practices
  • Strong understanding of the SDLC and CI/CD pipelines
  • Experience developing iOS and Android mobile applications
  • Experience reading and comprehending code, discerning business logic, and identifying security flaws in mobile-relevant languages, such as Swift, Objective-C, Kotlin, Java, JavaScript, and TypeScript
  • Understanding of common mobile application authentication and encryption methods, including OAuth and PKI
  • Understanding of protocol and network analysis using mitmproxy and Wireshark
  • Understanding of platform-specific security features and best practices, such as Apple's App Transport Security, Android's Network Security Configuration, and Samsung Knox
  • Familiarity with platform-specific development environments, SDKs, and tools, such as Xcode for iOS, Android Studio for Android, and Samsung's Tizen Studio
  • Hands-on experience working with DevOps and Agile-driven product teams
  • Strong understanding of application security standards and practices, such as the OWASP Mobile Application Security Verification Standard (MASVS) and Mobile Security Testing Guide (MSTG)
  • Excellent written and verbal communication skills

Nice-to-haves

  • Knowledge of cloud architecture and security principles
  • Bachelor's degree in IT, Computer Science, or Information Security preferred
  • ISC2 CSSLP, GIAC (GMOB, GWEB, GCSA), or other Security Certifications

Benefits

  • Career defining opportunities
  • Thoughtfully curated benefits
  • Tools to explore and grow into your best selves
  • Supportive work environment
  • Celebration of diversity and inclusion

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service