Sr. Application Security Engineer - Stefanini Group
Atlanta, GA 30302
About the Job
Job #58331
Stefanini Group is looking for Sr Application Security Engineer for a globally recognized company!
For interested applicants, click the apply button or you may reach out to Alfher Hidalgo at (248) 728-2627/Alfher.Hidalgo@stefanini.com for faster processing. Thank you!
For interested applicants, click the apply button or you may reach out to Alfher Hidalgo at (248) 728-2627/Alfher.Hidalgo@stefanini.com for faster processing. Thank you!
As a Sr. Application Security Engineer, you will be an important member of our client's Global Information and Content Security (GICS) team. This is a key role that will be focused on application security for mobile applications - native, native mobile, and hybrid. You will be a valued partner to software development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained. This person will work closely with our client's product teams and will build relationships with engineering groups to support effective security solutions for our products.
Operations
- Maintain knowledge of current and emerging secure mobile application technologies/products/trends
- Install, configure, and maintain Mobile app security assessment tools for mobile application security assessments (iOS, Android, Roku, etc.).
- Integrate Mobile app security assessment tools with existing CI/CD pipelines to ensure automated and continuous security testing.
- Extend Mobile app security assessment to scan AndroidTV, FireTV and tvOS applications for comprehensive security analysis.
- Develop and maintain scripts and tools for automated uploading of mobile binaries to Mobile app security assessment tools.
- Automate the generation and export of security assessment reports.
- Customize and optimize the Mobile app security assessment tools reporting functionality to meet organizational needs.
- Ensure the accuracy and comprehensiveness of the security assessment reports.
- Work closely with the development and DevOps teams to integrate Mobile app security assessment tools into the development lifecycle.
- Collaborate with security analysts to interpret and act on the findings from the Mobile app security assessment tools reports.
- Monitor and troubleshoot Mobile app security assessment tools - related issues and ensure the platform is running smoothly.
- Keep Mobile app security assessment tools and related tools up to date with the latest security patches and updates.
Technical
- Proficiency in setting up and managing Mobile app security assessment tools or similar mobile security assessment tools.
- Strong scripting skills in Python, Shell, or other relevant languages.
- Experience with CI/CD tools such as Jenkins, GitLab CI, or CircleCI.
- Familiarity with mobile application development frameworks (Android and iOS).
- Experience with integrating security tools for Android TV and tvOS applications.
- Build, maintain, and utilize security tools for the Application Security program
- Identify and define mobile application security requirements and security baselines
- Actively and continuously share role-specific knowledge with team members and product teams
- Stay up to date with the latest application security threats, vulnerabilities, and exploits.
Ideal Qualifications & Experience
- Proven experience in mobile application security testing and automation
- Knowledge of security best practices and common mobile application vulnerabilities
- Hands-on experience with containerization technologies (Docker, Kubernetes) is a plus
- Proven experience building tools and automation to support an Application Security team
- Strong understanding of software development methodologies and secure coding practices
- Strong understanding of the SDLC and CI/CD pipelines
- Experience developing iOS and Android mobile applications
- Experience reading and comprehending code, discerning business logic, and identifying security flaws in mobile-relevant languages, such as Swift, Objective-C, Kotlin, Java, JavaScript, and TypeScript.
- Understanding of common mobile application authentication and encryption methods, including OAuth and PKI
- Understanding of protocol and network analysis using mitmproxy and Wireshark
- Understanding of platform-specific security features and best practices, such as Apple's App Transport Security, Android's Network Security Configuration, and Samsung Knox.
- Familiarity with platform-specific development environments, SDKs, and tools, such as Xcode for iOS, Android Studio for Android, and Samsung's Tizen Studio.
- Hands-on experience working with DevOps and Agile-driven product teams
- Strong understanding of application security standards and practices, such as the OWASP Mobile Application Security Verification Standard (MASVS) and Mobile Security Testing Guide (MSTG)
- Excellent written and verbal communication skills
The Nice to Haves
- Knowledge of cloud architecture and security principles
- Bachelor"s degree in IT, Computer Science, or Information Security preferred.
- ISC2 CSSLP, GIAC (GMOB, GWEB, GCSA), or other Security Certifications.
Refcode: 58331_589
Source : Stefanini Group