Application Security - Mobile

The unit’s primary purpose is to Design, Engineer & eventually Embed practical & balanced cyber / information security principles / patterns / controls into all products & platforms.Soft SkillsAbility to collaborate with multiple stakeholders and manage their expectations from a security perspective.Holistic thinking; must balance security & functionality using practical demonstrable examples. Must also contribute to & implement “good architecture principles” to lower technical debt.Assertive personality; should be able to hold her / his own in a project board or work group setting.Superlative written & verbal communication skills; should be able to explain technical observations in an easy-to-understand manner.Ability to work under pressure & meet tough/challenging deadlines.Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not.Strong understanding of Risk Management Framework & security controls implementation from an implementer standpoint.Has strong decision making, planning & time management skills.Can work independently.Has a positive and constructive attitude.Key RequirementsBachelor’s degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar (Must Have)General Information Security: CISSP, OSCP, CEH, CISM/CISA or similarGeneral Cloud Security: CCSK/CCSP or similarSpecific Cloud Security: AWS/Azure/GCP/Oracle Solution/Security or similarNetwork Security: CCNA, CCNP, CCIE, Certified Kubernetes Security SpecialistEligibility4+ years of experience in an information security function with good background in IT, stakeholder management & people management (Must Have)3+ years of experience as a Security Engineer especially in Cloud Native environments (Must Have)Deep foundational knowledge of Mobile Applications, Intensive skills on SSL pinning bypass, root / jailbreak bypass, core Mobile application exploitation (Must Have)Expert at the technology & frameworks in his/her area of expertise, coach other architects on development standards & best practicesGood understanding of Microservices based architectureGood hands-on experience solutioning technology architectures that involve perimeter protection, core protection, end-point protection, API / Micro services SecurityExperience working in a DevOps environment with knowledge of CI/CD, Containers, DAST/SAST tools & building Evil Stories (Must Have)Follow design principles & apply design patterns to enforce maintainable & reusable patterns in the form of code or otherwiseCan understand & interpret potential issues found in source or compiled codeHas automation skills/capability in the form of scripting or similarCan attack application & infrastructure assets, interpret threats and suggest mitigating measuresAbility to interpret Security Requirements mandated by oversight functions & ensure comprehensive coverage of those requirements via documentation within high level design and/or during agile ceremonies via Evil StoriesCan propose options for solutions to the security requirements / patterns that provide a balance of security, user experience & performanceKnowledge of Agile methodologies/principles such as Scrum or KanbanKey Skills – Web & Mobile Application Security, Security Code review, API security, Platform Security, IAST, SAST, DASTExpertise in Burp Suite, MobSF, Frida, Kali Linux, Nessus, Checkmarx SAST, Kubernetes, Docker, Jenkins, GitHub, OpenShift & good knowledge about microservice architecture & pipeline driven security.Knowledge of Mobile App testing (Android & iOS), Web Application Security, Security Code Review, Container Review, Infrastructure Review, WAF rules reviewResponsibilitiesEligibilities: