Job Description

Execute vulnerability assessment of internal, external Mobile applications via automated and manual techniques to understand the risk and security posture of the Mobile applications Research, designs, and develops solutions meeting internal and external compliance, security requirements and standards for Site Security Reliability Engineering Drives defense-in-depth security for the organization to protect critical IT assets and data Develop and document security requirements for product teams Perform security testing and analysis of native iOS and Android applications (based on React Native) and Mobile Web experiences Review application design and architecture from security standpoint and provide recommendations Perform root cause analysis of security vulnerabilities and apply lessons learned Provide detailed documentation on security policies and remediation assistance Assist developers in remediation by sharing security concepts and security best practices Support and drive business unit and enterprise security programs as a Subject Matter Expert Assist the Enterprise Bug Bounty program Required Qualifications Ability to write and develop security requirements Experience in Mobile App Security Testing and using SAST (Veracode Preferred) /DAST (AppScan Enterprise Preferred) /Pen Testing tools, like BurpSuite . Ability to explain vulnerabilities in the OWASP Top 10 to relevant stakeholders and discuss ways to remediate it. Deep understanding of iOS and Android apps security principles and security best practices Deep understanding of React Native security best practices Basic understanding of iOS and Android internals Experience working with Swift, Objective-C, Java, JavaScript, React Native Digital Forensics experience with iOS and Android Preferred Qualifications Masters Degree in Marketing, Computer Science, Information Systems or related field At least 3-5 years experience in information security iOS and Android app development background At least one of the following security certifications in order of preference: o OSWE (web app focused) o OSCP (systems/network focused) o CISSP (general security) o CEH (general security) Certified in one or more public cloud Platforms (AWS or Azure or GCP) Development/submission of an app in iOS or Android app stores Experience in a large enterprise retail or consumer organization Contribution to open-source projects

foundit