Senior Security Engineer, Mobile Detection

Tools for Humanity, San Francisco, CA
2d

About The Position

You will work with our App engineering teams to address app and Mini App risks. You will also work with the Device and Device Security teams on securing the Android operating system of the next-generation Orb device. Some travel (10-20% maximum) is expected, especially to our office in Munich, Germany, where most of the Orb hardware and software teams are located. 5-8 years experience in offensive and defensive Android security.

This is a “purple team” role where you challenge the security of the apps and devices, advise and assist Engineering on implementing controls, develop Detection capabilities for mobile devices, and (when on call) drive incident response for any security incidents (not just mobile).

We are building an entirely new automated detection and response system. Right now it needs to protect the 17 million+ verified World ID users processing millions of identity and financial transactions a day, and it will need to rapidly scale to protect billions of users using trusted and untrusted hardware, much of which we will not own. We will publish audit events to the public blockchain for the highest possible transparency and trust of the World ID system, and build decentralized detection & response using those logs. We need to do all this while maintaining the strongest possible privacy protections. This team works closely with the teams building the core technologies, because D&R and Privacy are foundational elements of the World Network.

We have a variety of mobile resources that need security controls and detection: apps for users to sign up at an Orb and manage their currency wallets, apps for Orb operators to manage their devices and team, and a future Android-based device as a successor to the Orb. Our user app also contains a “Mini App” ecosystem that includes 3rd party developers, and is intimately tied to both the digital identity (WorldID) and blockchain transactions.

Requirements

  • 5-8 years experience in offensive and defensive Android security.
  • Sound knowledge of Security fundamentals.
  • Deep knowledge of mobile attacks and defenses.
  • Some experience developing Android apps (Kotlin).
  • Analyst-level Python coding (building analysis pipelines in an existing environment).
  • Willing to participate in an on call rotation and learn incident handling (or relevant experience)
  • Strong critical thinking, communication, and leadership skills
  • Comfort working cross-functionally with peer teams to negotiate and reach consensus solutions that improve security and privacy
  • Energized by working in a fast-paced, collaborative environment

Nice To Haves

  • Engineer-level coding in Kotlin (implementing security frameworks)
  • Experience hacking or developing iOS apps (Swift)
  • Reported CVEs (especially for mobile apps and Android)
  • Collected Bug Bounty awards
  • Participated in / won CTF (Capture The Flag) competitions

Benefits

  • healthcare
  • dental
  • vision
  • 401(k) plan and match
  • life insurance
  • flexible time off
  • commuter benefits
  • professional development stipend