Application Security - Mobile

The unit's primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles / patterns / controls into all products & platforms.

Soft Skills:

• Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective.

• Holistic thinking; must balance security & functionality using practical demonstrable examples.

• Must also contribute to & implement "good architecture principles" to lower technical debt.

• Assertive personality; should be able to hold her / his own in a project board or work group setting.

• Superlative written & verbal communication skills; should be able to explain technical observations in an easy-to-understand manner.

• Ability to work under pressure & meet tough/challenging deadlines.

• Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not.

• Strong understanding of Risk Management Framework & security controls implementation from an implementer standpoint.

• Has strong decision making, planning & time management skills.

• Can work independently.

• Has a positive and constructive attitude.

Key Requirements:

• Bachelor's degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar (Must Have)

• General Information Security: CISSP, OSCP, CEH, CISM/CISA or similar

• General Cloud Security: CCSK/CCSP or similar

• Specific Cloud Security: AWS/Azure/GCP/Oracle Solution/Security or similar

• Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist

Eligibility:

• 4+ years of experience in an information security function with good background in IT, stakeholder management & people management (Must Have)

• 3+ years of experience as a Security Engineer especially in Cloud Native environments (Must Have)

• Deep foundational knowledge of Mobile Applications, Intensive skills on SSL pinning bypass, root / jailbreak bypass, core Mobile application exploitation (Must Have)

• Expert at the technology & frameworks in his/her area of expertise, coach other architects on development standards & best practices

• Good understanding of Microservices based architecture

• Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection, end-point protection, API / Micro services Security

• Experience working in a DevOps environment with knowledge of CI/CD, Containers, DAST/SAST tools & building Evil Stories (Must Have)

• Follow design principles & apply design patterns to enforce maintainable & reusable patterns in the form of code or otherwise

• Can understand & interpret potential issues found in source or compiled code

• Has automation skills/capability in the form of scripting or similar

• Can attack application & infrastructure assets, interpret threats and suggest mitigating measures

• Ability to interpret Security Requirements mandated by oversight functions & ensure comprehensive coverage of those requirements via documentation within high level design and/or during agile ceremonies via Evil Stories

• Can propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performance

• Knowledge of Agile methodologies/principles such as Scrum or Kanban

• Key Skills Web & Mobile Application Security, Security Code review, API security, Platform Security, IAST, SAST, DAST

• Expertise in Burp Suite, MobSF, Frida, Kali Linux, Nessus, Checkmarx SAST, Kubernetes, Docker, Jenkins, GitHub, OpenShift & good knowledge about microservice architecture & pipeline driven security.

• Knowledge of Mobile App testing (Android & iOS), Web Application Security, Security Code Review, Container Review, Infrastructure Review, WAF rules review

Skills :