Job Title: Lead Mobile Security Engineer
Location: San Francisco, CA
Duration: 6 months CTH
Major Skills: Security, CISSP, mobile security experience
Identify Recruiting currently has a need of high urgency with one of its direct clients for a Lead Mobile Security Engineer. Since the top concern of mobile banking users is security, this role will serve to ensure that our solution can consistently keep our users safe through enterprise-grade security. This position will help lead the effort to analyze and remedy security issues around our mobile, web, and server software applications, as well as internal and external supporting tools. This role is responsible for supporting the team through the security development lifecycle by developing best practices, performing scans, managing escalations, designing and implementing security measures, providing supporting documentation, and driving security-related capabilities and tooling.
This is an expert/lead role. The selected candidate has team leadership duties, including instructing, assigning and checking the work of other Software Engineers. This person assists in planning, organizing and controlling the activities of the team. They will also coordinate the activities of the team with other IT teams and the product management team. The candidate acts as an expert technical resource to software engineering staff in the development, testing and implementation processes, and frequently acts as a Project Leader.
- Serve as expert responsible for tracking, remediating and preparing action plans regarding security concerns.
- Maintain security roadmaps on security state and top risks across products.
- Try to break our systems and APIs to ensure that no one else can.
- Perform internal scans, evaluate third party scans, and analyze results.
- Conduct security reviews of application architectures to assess technical and business risk, identify threats and vulnerabilities, and propose solutions.
- Analyze and replicate attacks using advanced industry tools.
- Participate in the software design process to identify threat models and perform design and code reviews.
- Work hands-on to improve and extend our security frameworks.
- Understand and evangelize industry best practices, and drive internal awareness sessions and workshops.
- Keep up to date on latest attack trends and methods, particularly those concerning mobile and web applications.
- Develop test plans for security verification and assist development teams with security testing methodologies and tools.
- 10+ years software engineering experience.
- 4+ years of professional software security experience.
- 2+ years of experience in application security architecture and design.
- Understanding of security concepts of Internet technologies, architectures, and protocols: browsers, cookies, web servers, proxies, firewalls, sockets, TCP/IP, SSL, PKI, X509, SAML and OAuth.
- Proven understanding of Cryptography and Java Security APIs.
- Proficiency in Enterprise Java application architectures and broad knowledge of security-related OSS libraries, such as Spring Security.
- In-depth and hands-on experience with application servers and web service standards and technologies (REST / JAX-RS, SOAP).
- Understanding of static code analysis tools such as Fortify.
- Awareness of standards relevant to the software industry (e.g. ISO, CMM, Six Sigma).
- BS/BA in Computer Engineering, Computer Science or equivalent combination of education and experience.
- Outstanding verbal and written communication skills, as well as excellent analytical, decision-making, problem-solving, organizational and time management skills.
- Experience with securing iOS or Android apps or experience working in the Finance Industry (desired).