Mobile Security Engineer - Product Security

SalesforceSan Francisco, CA
Hybrid

About The Position

The Product Security team is seeking a Mobile Security Engineer who will own the security posture of Salesforce's mobile application portfolio — spanning many distinct apps and mobile Software Development Kits (SDKs) across iOS and Android for nearly every Cloud and acquisition. You'll be the dedicated technical owner for mobile application security testing, vendor-managed mobile scanning platforms, and security design reviews for mobile features, working at the intersection of mobile platform security and product engineering. Your work will directly protect the apps that millions of customers interact with daily, from the Salesforce flagship app to Tableau Mobile, Field Service, Trailhead, and Mobile Publisher. Join a team committed to ensuring every mobile release ships with validated security controls and that runtime protection, authentication flows, and binary hardening meet the highest standards.

Requirements

  • 2+ years in application security, mobile security testing, or mobile development with demonstrated knowledge of iOS and Android platform security models, the Open Web Application Security Project (OWASP) Mobile Top 10, and common mobile vulnerability classes.
  • Hands-on experience with the mobile platform toolchain (Xcode/Android Studio)
  • Familiarity with security testing tools such as Frida, NowSecure, objection, MobSF, Burp Suite, or commercial mobile Static/Dynamic Application Security Testing (SAST/DAST) platforms.
  • Understanding of mobile authentication patterns (OAuth 2.0, PKCE, SAML), runtime protection mechanisms (code obfuscation, anti-hooking, anti-tampering), and app store ecosystem security considerations for both Apple and Google Play.
  • Strong communication skills with the ability to explain mobile-specific risks to engineering partners who may not have mobile security context.
  • Demonstrated, genuine AI-first approach to engineering — using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.
  • Experience using AI tools (e.g., Claude Code, GitHub Copilot, Codex, Cursor, etc.) in development workflows.
  • Advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.
  • A related technical degree required.

Nice To Haves

  • Experience evaluating mobile runtime protection tools such as Promon, DexGuard, or similar Runtime Application Self-Protection (RASP) solutions on jailbroken or rooted devices.
  • Mobile-focused security certifications such as GIAC Mobile Device Security Analyst (GMOB), or general offensive certifications such as Offensive Security Certified Professional (OSCP) or Offensive Security Web Expert (OSWE) with demonstrated mobile testing experience.
  • Active participation in mobile bug bounty programs (HackerOne, Bugcrowd), published mobile security research, Common Vulnerabilities and Exposures (CVE) disclosures, or contributions to open-source mobile security tools.
  • Experience with mobile CI/CD pipelines, automated binary scanning integration, or familiarity with the Salesforce ecosystem and applying AI tools such as Claude, Cursor, or Gemini for security assessments.

Responsibilities

  • Perform manual and automated security assessments of iOS and Android applications, including binary reverse engineering, dynamic instrumentation, authenticated scanning, and review of OAuth/PKCE flows, certificate pinning implementations, and jailbreak/root detection controls.
  • Operate and expand the mobile scanning platform across the mobile app portfolio, manage pre-production Continuous Integration/Continuous Delivery (CI/CD) pipeline integration, configure scanning rulesets, triage findings, and coordinate quarterly with external penetration testing vendors.
  • Conduct secure code reviews across Swift, Kotlin, Java, and React Native mobile codebases, embed security controls in mobile SDKs and feature development, and lead threat modeling sessions for mobile-specific attack surfaces including on-device AI, app attestation, and deep linking.
  • Provide mobile security guidance to engineering teams across all Clouds, translate mobile findings into actionable remediation, respond to customer compliance questionnaires, and serve as the mobile security subject-matter expert for release planning and incident response.
  • Build and ship high-quality, production-grade security tooling and automation using modern engineering practices, with AI as a core part of your development workflow — pushing the boundaries of AI development tools to deliver secure, optimized, and high-quality code.
  • Design and orchestrate complex systems where AI agents integrate seamlessly into security workflows, driving efficiency and innovation at scale.
  • Contribute to building and maintaining shared system context — an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably.
  • Critically evaluate code (human- or AI-generated) for correctness, quality, security, and performance.

Benefits

  • time off programs
  • medical
  • dental
  • vision
  • mental health support
  • paid parental leave
  • life and disability insurance
  • 401(k)
  • employee stock purchasing program
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service