Manager, Mobile Penetration Testing
Sweetwater, Florida
Manager, Mobile Security Penetration Testing
Our customer is in need of a resource for a PERM position.
Job Description
This is an exciting opportunity to join Companys Mobile Device Security team in Miami. Our Mobile Device Security team is searching for a Manager, Mobile Security Penetration Testing who will serve as a technical engineering subject matter expert in mobile device security (Android, iOS) to be utilized primarily for developing, analyzing, and evaluating technologies for security threat modeling and penetration testing of mobile devices at various levels: hardware and software architecture, systems, subsystems, applications, components, and interfaces. The selected candidate will manage a team to conduct mobile security penetration testing on mobile devices (Android/iOS), work with multiple OEM partners, lead processes and advancement efforts for the team, and conduct research and development in areas of mobile device security.
Members of the Companys Mobile Device Security team are creative, motivated self-starters who share a common passion for helping to solve complex mobile device security problems. We are a diverse group of engineering and computer science personnel who firmly believe we can be a leader in mobile device security. We are looking for someone to develop innovative technologies that enable new capabilities in these areas to address existing and emerging company needs. We are a growing team and seek like-minded individuals who want to work on challenging problems in a fast-paced, supportive, and flexible environment.
Responsibilities:
Manage mobile device penetration testing efforts across various products, platforms, and solutions from hardware and software architecture, systems, subsystems, applications, components, and interface levels
Review, define, and improve Companys mobile device security (Android, iOS) penetration testing plans
Provide guidance and lead advancement of the Companys mobile device security certification team
Perform threat modeling and architectural risk analysis for mobile devices and applications as well as attack surface hardening, exploit mitigation, static & dynamic analysis, and reverse engineering
Research and develop mobile security penetration tools and solutions for use by internal teams
Conduct research to identify new attack vectors and proactive countermeasures for mobile devices (baseband, HLOS Android/iOS, applications, and services)
Lead in ensuring maximum security per expectations is delivered on all products at Production
Work closely with Companys Sr. Products, Solutions, & Services development mobile device security team and with all handset manufacturers/OEMs to provide validation for Companys products and sync on relevant findings
Report on testing and hacking results of mobile device security certification team
Identify and address issues of concern during mobile device security certification and penetration testing via effective collaboration with multiple teams
Correlate pen-test findings to existing threat model to identify gaps and recommend improvements to processes
Handle technical account management duties with handset manufacturers
Provide subject matter expert (SME) support to internal (Mobile Device Security, Product Development Group, etc.) and external (handset manufacturers, chipset vendors, etc) parties
Handle the rapidly increasing complexity of platforms & technologies
Participate as the mobile device security technical expert in departmental and company projects/initiatives related to mobile device security penetration testing and applications
Maintain expert knowledge in the field of mobile security penetration testing via extensive research and collaboration
Provide technical white papers and presentations as a result of research & development efforts
Provide training to MDS team internally on mobile device security penetration testing
Required Experience
Bachelors Degree in Electrical Engineering, Computer Engineering, or Computer Science. Masters Degree is a plus.
5+ years experience in:
Hands-on experience in development and penetration testing of mobile device platforms (baseband, HLOS Android/iOS, applications, services), including via official/unofficial mobile security testing tools
Threat modeling and architectural risk analysis on mobile device platforms (baseband, HLOS Android/iOS, applications, services)
Hands-on experience with software development in a mobile environment, with a focus in the following areas: kernel driver, hardware-software interface, mobile O/S and application development (Android, iOS), testing & troubleshooting in C, C++, Objective C, or Java
Static and dynamic vulnerability analysis, reverse engineering, exploit mitigation, and attack surface hardening on mobile device platforms (baseband, HLOS Android/iOS, applications, services)
Developing and improving processes for mobile device (Android, iOS) security penetration testing teams
Hands-on experience with technical requirements gathering, verification/validation planning, compliance assessment and reporting.
Working with pen-test plans to ensure they are in compliance with requirements and threat models
Conducting research and development activities in order to further company and departmental initiatives
Interfacing and collaborating with cross-functional teams via excellent written and verbal communication skills
Expert knowledge of official and unofficial mobile device (Android, iOS) security penetration testing tools
Expert knowledge in OWASP mobile risks and methodologies
Good knowledge in defensive security constructs including digital signatures, encryption, firewalls, PKI, anti-debugging, AAA, key exchange, key entropy, software and hardware protection mechanisms, DRM, Trustzone
Good knowledge of offensive security techniques including reverse engineering, digital forgery, encryption attacks, debugging, defeating anti-debugging, man in the middle attacks, logic flaws, hardware & software exploits preferred
Certifications in CISSP, CISM, CISA, and/or CEH preferred
