Cinter Career Services
Product Security Engineer - Mobile App Security
Cinter Career Services, Plano, Texas, us, 75086
We are seeking a
Product Security Engineer someone who will be responsible for end-to-end security testing with a focus on Android/iOS application security. The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, and contribute to the advancement of the team.
Client (type/ industry): IT Solutions branch of a major Japanese companyWorking Location: Preferred On-Site (Plano, TX), Hybrid (if necessary)Employment Type: Contract (Contract: 6 months with possible extension)Salary: Up to $69/hBenefit: Full BenefitsVISA support: NO/ United States (Required)Language: English[Job Overview]Duties/Responsibilities:
Mobile Application Security Engineer will be responsible for conducting manual and automated Security testing and requirements verification such as MASVS/CWEs on iOS/Android applicationPerform security assessment, and penetration testing including but not limited to mobile application binary analysis, source code review, IPC, and SDK analysisExperience analyzing the application sandbox on iOS and Android privilege issues[D(1]Participate in the mobile application development, and facilitate the security requirements development and verificationIdentify hardcoded secrets, insecure storage, insecure communication, improper permissions, sensitive disclosure, and insecure use and validation of data entering platform features (i.e. DeepLinks, Exported Activities/Content Providers).Identify weak or deprecated algorithms used in 3rd party and internal librariesProduce reports/artifacts, recommendations for remediations, and provide support to strengthen the security posture of Android/iOS applicationsFamiliarity with Mobile Security Testing Guide and ability to leverage the framework and test both iOS and Android applicationsParticipate in various security projects, technical design review, code review, and test specificationsIdentify the use of deprecated mobile components and methods such as WebViews and vulnerable programmatic deeplink handlersRequirements:
Hands-on experience performing security assessments on OS or application-level of iOS/Android applicationsStrong understanding of security testing framework for Android/iOS applications (e.g., OWASP, SANS)Advance skills in secure coding best practices in any programming languages such as C/C++, Java, Objective C, Swift, SwiftUI, Kotlin, and PythonThe successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, grow, and contribute to the advancement of the teamKnowledge of Inter Process Communication (IPC) on Mobile PlatformsProficient in writing scripts in various languages such as Bash, and PythonProficient knowledge of APIs, and authentication protocols such as OAuth, SAML, etc.Knowledge of software development lifecycle (SDLC), cloud security, and iOS/Android reverse engineeringHand-On experience on testing tools such as Burp Suite, Frida, dissemblers, debuggers, dynamic instrumentations, and static code analysisAbility to articulate complex technical concepts to a non-technical audienceExperience mobile application CI/CD pipelineGenerating test reports, and recommending the appropriate course of action, and supporting the mitigation and re-validation effortsQualifications:
Bachelor's degree (or higher) in Computer Science, Engineering or related discipline, or equivalent experienceStrong background in security engineering, various authentication, and security protocolsStrong understanding of Mobile OS security internalsHand-On experience with security testing tools, standards, and best practicesDeep experience in mobile security, obfuscation techniques, and reverse engineeringStrong knowledge and understanding of X.509, SSL/TLS certificate, and general certificate management process
Benefits:
Medical health insurance (including dental and vision)Competitive paid time off and company paid holidaysComp time for holidays worked401k matching programCompany profit sharingMerit increases and bonus structureProfessional development and education reimbursement
Product Security Engineer someone who will be responsible for end-to-end security testing with a focus on Android/iOS application security. The successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, and contribute to the advancement of the team.
Client (type/ industry): IT Solutions branch of a major Japanese companyWorking Location: Preferred On-Site (Plano, TX), Hybrid (if necessary)Employment Type: Contract (Contract: 6 months with possible extension)Salary: Up to $69/hBenefit: Full BenefitsVISA support: NO/ United States (Required)Language: English[Job Overview]Duties/Responsibilities:
Mobile Application Security Engineer will be responsible for conducting manual and automated Security testing and requirements verification such as MASVS/CWEs on iOS/Android applicationPerform security assessment, and penetration testing including but not limited to mobile application binary analysis, source code review, IPC, and SDK analysisExperience analyzing the application sandbox on iOS and Android privilege issues[D(1]Participate in the mobile application development, and facilitate the security requirements development and verificationIdentify hardcoded secrets, insecure storage, insecure communication, improper permissions, sensitive disclosure, and insecure use and validation of data entering platform features (i.e. DeepLinks, Exported Activities/Content Providers).Identify weak or deprecated algorithms used in 3rd party and internal librariesProduce reports/artifacts, recommendations for remediations, and provide support to strengthen the security posture of Android/iOS applicationsFamiliarity with Mobile Security Testing Guide and ability to leverage the framework and test both iOS and Android applicationsParticipate in various security projects, technical design review, code review, and test specificationsIdentify the use of deprecated mobile components and methods such as WebViews and vulnerable programmatic deeplink handlersRequirements:
Hands-on experience performing security assessments on OS or application-level of iOS/Android applicationsStrong understanding of security testing framework for Android/iOS applications (e.g., OWASP, SANS)Advance skills in secure coding best practices in any programming languages such as C/C++, Java, Objective C, Swift, SwiftUI, Kotlin, and PythonThe successful candidate will be a highly technical, passionate, and self-driven individual who loves to learn, solve problems, grow, and contribute to the advancement of the teamKnowledge of Inter Process Communication (IPC) on Mobile PlatformsProficient in writing scripts in various languages such as Bash, and PythonProficient knowledge of APIs, and authentication protocols such as OAuth, SAML, etc.Knowledge of software development lifecycle (SDLC), cloud security, and iOS/Android reverse engineeringHand-On experience on testing tools such as Burp Suite, Frida, dissemblers, debuggers, dynamic instrumentations, and static code analysisAbility to articulate complex technical concepts to a non-technical audienceExperience mobile application CI/CD pipelineGenerating test reports, and recommending the appropriate course of action, and supporting the mitigation and re-validation effortsQualifications:
Bachelor's degree (or higher) in Computer Science, Engineering or related discipline, or equivalent experienceStrong background in security engineering, various authentication, and security protocolsStrong understanding of Mobile OS security internalsHand-On experience with security testing tools, standards, and best practicesDeep experience in mobile security, obfuscation techniques, and reverse engineeringStrong knowledge and understanding of X.509, SSL/TLS certificate, and general certificate management process
Benefits:
Medical health insurance (including dental and vision)Competitive paid time off and company paid holidaysComp time for holidays worked401k matching programCompany profit sharingMerit increases and bonus structureProfessional development and education reimbursement