We are seeking skilled Sr. Application Security Engineers, Application Security Engineers, and Software Security Specialists to join our team. The ideal candidate will specialize in secure code development and review, software security and vulnerability scanning, DevSecOps practices, threat modeling, and ensuring our codebase is secure and free from exploits and vulnerabilities. This role involves collaborating with cross-functional teams to integrate security into all stages of the software development lifecycle (SDLC), with a specific focus on mobile application development for iOS and Android platforms.
This role offers the opportunity to make a significant positive impact on the security posture of our global clients. If you are passionate about mobile software security and eager to contribute to a dynamic team, we encourage you to apply.
Responsibilities
Secure Code Development: Implement and promote secure coding practices in mobile application development for iOS and Android platforms.
Mobile Application Security: Identify and address platform-specific security vulnerabilities in iOS and Android applications.
Code Review and Auditing: Perform manual and automated code reviews of mobile applications to detect security flaws and ensure compliance with security standards.
Vulnerability Scanning and Management: Conduct regular vulnerability assessments on mobile applications and manage remediation efforts.
DevSecOps Integration: Integrate security tools and processes into mobile CI/CD pipelines, automating security testing and compliance checks for iOS and Android deployments.
Threat Modeling: Conduct threat modeling exercises specific to mobile applications to identify potential security threats and recommend mitigation strategies.
Security Assessments and Testing: Perform security assessments, including penetration testing and application security testing on mobile platforms.
Policy Development and Compliance: Develop and enforce security policies, standards, and guidelines tailored to mobile application development, ensuring compliance with industry regulations.
Training and Awareness: Provide training and guidance on secure coding practices for mobile development teams and educate them on emerging mobile security threats.
Collaboration: Work closely with mobile development, QA, and operations teams to embed security throughout the mobile application SDLC.
Monitoring and Incident Response: Monitor mobile applications for security incidents and participate in incident response efforts related to mobile platforms.
Qualifications
Bachelor's degree in Computer Science, Information Security, or related field.
Extensive experience in software development and application security, with a focus on mobile applications for iOS and Android.
Proficiency in programming languages used in mobile development, such as Swift, Objective-C, Java, and Kotlin.
Knowledge of common mobile security vulnerabilities (e.g., OWASP Mobile Top Ten) and remediation techniques.
Experience with mobile security tools (SAST, DAST, mobile application security testing tools).
Familiarity with mobile DevSecOps practices and CI/CD tools specific to mobile app deployment.
Understanding of iOS and Android security frameworks, APIs, and best practices.
Preferred Qualifications
Certifications such as CISSP, CSSLP, CEH, or GMOB (GIAC Mobile Device Security Analyst).
Experience with mobile application security testing tools (e.g., MobSF, Drozer, Frida).
Knowledge of secure app distribution methods and protection against reverse engineering and tampering.
Understanding of App Store and Google Play Store security guidelines and compliance requirements.
Experience with mobile encryption techniques, secure storage, and key management.
Skills and Competencies
Strong analytical and problem-solving abilities specific to mobile application security.
Excellent communication and interpersonal skills, capable of explaining complex mobile security concepts to technical and non-technical stakeholders.
Ability to think like an attacker to anticipate and mitigate potential threats to mobile applications.
Commitment to staying updated on the latest mobile security trends, vulnerabilities, and technologies.
Collaborative mindset with the ability to work across diverse teams, including mobile developers and QA specialists.
Familiarity with mobile application architecture patterns (MVC, MVVM) and how they impact security.
Beacon Hill is an Equal Opportunity Employer that values the strength diversity brings to the workplace. Individuals with Disabilities and Protected Veterans are encouraged to apply.
California residents: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.
If you would like to complete our voluntary self-identification form, please click here or copy and paste the following link into an open window in your browser: https://jobs.beaconhillstaffing.com/eeoc/
Completion of this form is voluntary and will not affect your opportunity for employment, or the terms or conditions of your employment. This form will be used for reporting purposes only and will be kept separate from all other records.
Company Profile:
Beacon Hill Technologies, a premier National Information Technology Staffing Group, provides world class technology talent across all industries utilizing a complete suite of staffing services. Beacon Hill Technologies' dedicated team of recruiting and staffing experts consistently delivers quality IT professionals to solve our customers' technical and business needs.
Beacon Hill Technologies covers a broad spectrum of IT positions, including Project Management and Business Analysis, Programming/Development, Database, Infrastructure, Quality Assurance, Production/Support and ERP roles.
Learn more about Beacon Hill and our specialty divisions, Beacon Hill Associates, Beacon Hill Financial, Beacon Hill HR, Beacon Hill Legal, Beacon Hill Life Sciences and Beacon Hill Technologies by visiting www.bhsg.com .