Chameleon Technologies is searching for a Mobile Application Security Engineer for a hybrid role in either Issaquah, WA or Dallas, TX. This IT group is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.
Engineers have deep knowledge and hands-on experience in enterprise-wide platforms, and solve technical problems while working on technology initiatives. Engineers have strong architectural, leadership, and technical skills. They ensure delivery of high quality artifacts, and adhere to and follow the company SDLC. Engineers interact in a highly effective manner with other team members and management, drive innovation, and influence delivery and performance.
The Mobile Application Security Engineer will possess deep knowledge and hands-on experience in enterprise-wide platforms, especially in mobile application security and microservices architectures. This role is pivotal in solving technical problems while working on technology initiatives. The Engineer will be responsible for the successful delivery, design, and support of the vulnerability management program, focusing on mobile application security, microservices security, vulnerability scanning, and the tools and methodologies utilized within the program. The role also involves ensuring a technologically secure operating environment in line with the company’s values and business goals.
If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.
ROLE
- Automates, documents, shares, educates, delegates, and improves processes.
- Builds prototypes of potential features.
- Creates conceptual and detailed technical design documents and standards.
- Enhances automation of applications, systems, and platforms; and identifies opportunities for streamlining and continuous process improvement.
- Collaborates with architects to plan, design, implement, and improve new capabilities, enhancements, solutions, and/or platforms.
- Applies knowledge to practical and sustainable applications and capabilities.
- Partners with project managers, solution leads, and other stakeholders to establish the rough order of magnitude estimates, to create and maintain a robust framework to support applications, and to deliver quality solutions.
- Contributes, interprets, and communicates enterprise, technical, project, and operational strategies to the team.
- Develops team vision to drive new capabilities against a published roadmap, in conjunction with management.
- Ensures that proposed and existing systems are aligned with organizational standards, goals, and objectives.
- Formulates and directs activities that align short term goals and long term initiatives while providing accurate and timely estimates of work breakdown schedules.
- Works with teams, management, and stakeholders to conceptualize, design, build, test, and release products.
- Shares relevant information among teams.
- Influences and drives adoption of best practices and high quality standards throughout the division.
- Tests and resolves problems, performs root cause analysis, identifies gaps, recommends solutions and preventative measures, and leads team members to solution delivery plans.
- Runs proof of concepts and uses diagnostic/debugging skills to solve current challenges in multi-platform systems.
- Orchestrates reviews for system additions and/or enhancements.
- Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization through technical leadership, knowledge of business need, development and communication of policies, procedures, and plans, and assurance of solution designs that are in compliance with architecture standards, technology guardrails, security, and operational guidelines.
- Provides leadership/mentoring to team members, implements development efficiencies, creates appropriate documentation, drives operational efficiencies and technical growth within the team, and supports the release model.
- Optimizes team efficiency and performance through high level technical direction.
- Presents technical designs and solutions to executives, management, and other audiences to gain consensus and/or project approval.
- Drives adoption of best practices throughout the division, especially in mobile application and microservices security.
- Integrates diverse solution components across platforms, with a focus on mobile and microservices.
- Provides technical leadership in application implementation, microservices design, and strategic planning.
- Serves as a subject matter expert in mobile application security, microservices security, and vulnerability management.
- Supports product and development teams in mobile application security.
- Assesses vulnerabilities in mobile apps, web UIs, APIs, and microservices.
- Conducts manual application secure code reviews, especially for mobile apps and related microservices.
- Identifies attack surface reduction opportunities in mobile and microservices environments.
- Participates in security assessments of mobile applications (iOS, Android, Flutter, React Native) with a focus on platform-specific security controls.
- Treats mobile apps as gateways into larger systems, ensuring security from the app to the backend and vice versa.
- Participates in SSDLC for our products and customer products, collaborating with developers to enhance security without compromising usability.
- Stays updated with emerging security threats, vulnerabilities, and controls, including reading articles, following CVE updates, and understanding the evolving threat landscape.
- Collaborates with InfoSec, Compliance, Internal Audit, and Business teams.
- Coordinates with the Incident Response team for security incident remediation.
- Advocates for compliance and security measures in mobile and microservices domains.
- Maintains knowledge of industry trends and standards in mobile and microservices security.
REQUIRED
- 3+ years’ in security in an enterprise environment, with a focus on mobile applications.
- 2+ years’ in a security engineering role with a focus on mobile and microservices.
- 2+ years’ in a software engineering or DevOps role, especially in mobile and microservices environments.
- 1+ years’ with Azure, GCP or another cloud service.
- Understanding of the software development lifecycle for mobile applications and microservices.
- Ability to read and comprehend code, discern business logic, and identify security flaws in mobile-relevant languages, such as Swift, Objective-C, Kotlin, Java, JavaScript, TypeScript, and Dart.
- Experience with vulnerability management processes for mobile and microservices.
- Knowledge in remediation activities at the code/script level.
- Experience with ADO, Git or similar agile code system functions.
- Familiarity with mobile programming languages, development practices, and common bug patterns.
- Knowledge of OWASP Mobile Top 10, SANS Top 20, CVE, CWE, CVSS, etc.
- Proficient understanding of OWASP MAS (MASVS + MASTG).
- Familiarity with application security verification and software maturity frameworks, including OWASP SAMM and OWASP ASVS.
- Comprehensive understanding of SSDLC and its challenges, with knowledge of OWASP SSDLC.
- Strong verbal and written communication skills.
- Experience identifying security requirements for mobile software and microservices.
- Strong analytical, documentation, and time management skills.
- Familiarity with HIPAA, PCI, and other sensitive data standards.
- Proficiency in mobile application development and security for various platforms including Apple (iOS), Google (Android), Samsung (Tizen), and other relevant platforms.
- Familiarity with platform-specific development environments, SDKs, and tools, such as Xcode for iOS, Android Studio for Android, and Samsung’s Tizen Studio.
- Understanding of platform-specific security features and best practices, such as Apple’s App Transport Security, Android’s Network Security Configuration, and Samsung Knox.
- Experience with platform-specific app distribution methods, including Apple App Store, Google Play Store, and Samsung Galaxy Store.
- Knowledge of platform-specific APIs and their security implications.
- Familiarity with platform-specific hardware security features, such as Apple’s Secure Enclave, Android’s Hardware-backed Keystore, and Samsung’s Trusted Execution Environment.
Recommended
- Experience in designing and implementing mobile security controls, including platform-specific controls, such as Biometry on iOS and screenshot protections on Android.
- Proven experience in conducting security assessments for mobile and/or web applications.
- Solid grasp of the workings of computers, the internet, and mobile devices.
- A holistic understanding of information security, including how real-world risks and threats influence the selection of security controls.
- Experience with scripting or development languages relevant to mobile apps and microservices.
- Familiarity with Kanban or Agile methodologies for mobile and microservices development.
- Experience developing and reporting enterprise-level metrics for mobile and microservices.
Target salary range for this role is $155K to $195K
