Cybersecurity is a company-wide priority at Equifax, and the Global Security organization plays a pivotal role in ensuring the confidentiality and integrity of Equifax's information systems and data. Equifax is considered to be a pioneer in cybersecurity, and our goal is to continue innovating to further establish our position as a security leader in the financial services sector. We are seeking a seasoned mobile application security architect who has a thorough understanding of secure software development practices. You will collaborate with cross-functional teams to research and develop architectural patterns and guidelines that allow application teams to integrate secure development principles.
What you'll Do:
Provide application security subject matter expertise, roadmaps, strategies, and reference architectures targeted specifically for mobile applications.
Provide thought leadership in the areas of mobile application security and vulnerability management, including providing strategies for risk reduction.
Create comprehensive architectural patterns for secure development standards.
Develop and maintain security policies, standards, and guidelines.
Develop strategies to detect security vulnerabilities throughout the development process and develop mitigation strategies to address identified vulnerabilities
Ensure mobile applications comply with industry best practices, regulations, and corporate standards.
Collaborate with cross-functional teams to identify mobile application vulnerabilities, design secure application architectures, and assist with the integration of security measures into the development process.
Assist teams with threat modeling and security analysis and provide security training and awareness programs for development and QA teams.
What experience you'll need:
Bachelor's degree in Engineering, Mathematics, Information Technology, or a related field.
Minimum of 7-10 years experience in software engineering, architecture, and software security, with at least 3 years in mobile application security.
Understand secure application engineering best practices, articulate problem statements, and propose solutions to both technically savvy and non-technical audiences.
Deep understanding of programming languages and frameworks used for mobile application development.
Understand the security tooling landscape and have experience implementing large-scale security programs at organizations with complex application architectures.
Strong understanding of past, current, and emerging software security exploits and knowledge of encryption protocols and authentication mechanisms.
Proven experience in designing and implementing security solutions for mobile platforms (iOS, Android), including experience with threat modeling and risk assessment methodologies.
Knowledge of OWASP Top 10, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Mobile Application Security Testing (MAST), API Security Testing Tools, Automated Mobile Testing, and Threat Modeling tools. Also have relevant security certifications (e.g., CISSP, OSCP, GWEB, CEH, GRTP, GWEB).
Excellent analytical and problem-solving skills and strong communication and interpersonal skills. Also have the ability to work independently or as part of a team.
What could set you apart:
Advanced degree in Information Security, Cybersecurity, or a related field.
Experience with DevSecOps practices and tools.
Experience implementing security solutions within GCP or AWS.
Experience in securing API integrations and backend services for mobile apps.
Experience with multiple languages such as Java, React, Node JS, PHP, Scala, C, and/or Python.
Familiarity with common build/automation tooling (e.g. Jenkins, GIT).
Sponsorship is not available for this position.
To adhere to our corporate location policies, this resource will be required to be local to the surrounding Atlanta, GA / St. Louis, MO and/or Reston, VA areas (or will be relocating). You are required to adhere to our Return To Office (RTO) / weekly onsite requirements (Tuesday, Wednesday, and Thursday). This individual can sit in one of the three locations mentioned.