As a Mobile Security Engineer, you will be a mobile security technical resource on a highly skilled team responsible for advancing the Government’s mobile application security program. You will take part in implementing processes for the secure design of mobile applications, which will include conducting vulnerability analysis, risk assessments, and the development of tools and solutions to assist in the identification and remediation of vulnerabilities.
This position requires a self-starter attitude where you take the lead on providing designs, making recommendations and overseeing the implementation of mobile security applications and policies. You must have deep experience in reviewing the security posture of mobile applications and the proven ability to work and partner with mobile developers to resolve security issues. You will have solid experience in threat modeling and identification techniques and experience in mobile code reviews, vulnerability detection, and root cause analysis as it relates to mobile security. You will have demonstrable and provable experience in building mobile application vulnerability detection tools. You must be a solid collaborator with other program engineers to ensure that the mobile security projects are synced with the other cybersecurity projects on the program.
What Skills We Are Looking For:
At a Minimum, You Will Bring These Qualifications:
- BS or MS degree in Computer Science/Electrical Engineering or equivalent practical experience
- 5+ years of experience in designing, implementing, testing and deploying software applications, with a focus on performance, scalability and security, with at least 2+ years of experience in mobile application security, secure mobile application design and architecture, threat modeling, code reviews, and cryptography
- Deep technical understanding of the OWASP Mobile and Web Top 10
- Experience in application security, network security, secure code analysis, cryptography and system security
- Current, hands-on experience in one or more general purpose programming languages including but not limited to: C/C++, Java, Objective C, Python
- Experience with building dynamic scanning/testing tools for mobile platforms
- Experience in secure coding techniques and source code analysis - ability to find security vulnerabilities in code, such as buffer overflows, integer overruns, etc.
- Excellent understanding of Mobile Platform Security - Android or iOS
- Ability to work independently and lead projects - from requirements analysis of features to release, and subsequent maintenance and support of these features
- Good verbal and written communication skills
- Experience with cellular, Wi-Fi, Bluetooth or other wireless technologies
- US Citizenship required
- Must meet eligibility requirements for access to classified information and be clearable to a Department of Homeland Security (DHS) EOD clearance that mirrors the requirements for a DoD Top Secret clearance. Active DoD clearance preferred.
- Experience in a DHS environment
- Current or previous (within the past 24 months) DHS EOD
- Android and iOS application security expertise
- Good understanding of Algorithms and Data Structures
- Knowledge of OAuth and Mobile API design
- Experience with handling OWASP Top 10 for Mobile
- Experience with building backend for mobile applications
- Knowledge of Secure Execution Environment (TrustZone is preferable)
- Knowledge of secure protocols (SSL/TLS, SCP, CMS, X.509)
- Ability to pick up new programming languages, such as Swift and Go
- Flexibility in moving to unfamiliar/new technologies