Sr. Product Security Engineer - iOS Mobile App

About The Position

Requirements

• 8+ years of experience in a security role with a strong focus on application security.
• 5+ years of experience in a product security engineering role with a strong focus on mobile (iOS) application security.
• Extensive experience with secure coding principles, mobile security frameworks, and common mobile vulnerabilities (e.g., OWASP Mobile Top 10).
• Strong understanding of iOS platform security features and best practices.
• Proficiency in Swift/Objective-C with a minimum of 3 years of Swift experience, and experience with mobile development tools and environments.
• Proficiency in NodeJS with a minimum of 3 years of NodeJS experience, and experience with NodeJS backend mobile development tools and environments.
• 3+ years of experience with cloud security principles and cloud IAM (e.g., AWS IAM, Cloud Connectivity) as it relates to mobile backend infrastructure.
• Experience with static and dynamic application security testing (SAST/DAST) tools for mobile applications.
• Excellent analytical, problem-solving, and troubleshooting skills.
• 2+ years of experience in a senior or lead security engineer role.
• Strong proficiency of AI coding platforms like Claude Code, Copilot, etc.
• Strong leadership and communication skills, with the ability to influence and collaborate across engineering teams.
• Ability to prioritize tasks and manage projects effectively in a fast-paced environment.
• Experience with scripting and automation (e.g., Python, Bash) for security tasks.
• Experience with GitHub Actions.
• Experience with DevSecOps and CICD SCA tools.

Nice To Haves

• Experience with mobile penetration testing.
• Relevant security certifications (e.g., CISSP, CSSLP, GIAC Mobile Device Security).
• Experience with integrating security into CI/CD pipelines for mobile applications.
• Experience with securing Artificial Intelligence within a mobile product
• Basic experience with Python3.11+ for general scripting and integrations.

Responsibilities

• iOS App Security Architecture & Design: Lead the security review of iOS application architecture and design, ensuring security is built-in from the ground up.
• Code Review and Static/Dynamic Analysis: Conduct security-focused code reviews for the iOS application, and implement/manage static and dynamic application security testing (SAST/DAST) tools.
• Vulnerability Management (Mobile): Oversee the identification, assessment, and remediation of vulnerabilities within the iOS application and its supporting infrastructure.
• Threat Modeling: Perform threat modeling for new features and existing components of the iOS application and its backend services.
• Secure Development Lifecycle (SDL): Drive the adoption and enforcement of secure development practices within the mobile engineering teams.
• API Security: Ensure the security of APIs consumed and exposed by the iOS application.
• Cloud Security for Mobile Backend: Manage and refine cloud IAM roles and permissions for the mobile app's backend infrastructure to enforce the principle of least privilege and improve our cloud security posture.
• Incident Response (Mobile): Support incident response activities related to the iOS application, including investigation and remediation.
• Security Tooling: Evaluate, implement, and manage security tools relevant to mobile application security.
• Security Training & Awareness: Provide guidance and training to mobile developers on secure coding practices.
• Reporting: Report directly to the Head of Information Security on the security posture of the iOS application and related infrastructure.