Manager, Mobile Security Penetration Testing
Serve as a technical engineering subject matter expert in mobile device security (Android, iOS) to be utilized primarily for developing, analyzing, and evaluating technologies for security threat modeling and penetration testing of mobile devices at various levels: hardware and software architecture, systems, subsystems, applications, components, and interfaces. The selected candidate will manage a team to conduct mobile security penetration testing on mobile devices (Android/iOS), work with multiple OEM partners, lead processes and advancement efforts for the team, and conduct research and development in areas of mobile device security.
•Manage mobile device penetration testing efforts across various products, platforms, and solutions from hardware and software architecture, systems, subsystems, applications, components, and interface levels
•Review, define, and improve our mobile device security (Android, iOS) penetration testing plans
•Provide guidance and lead advancement of our mobile device security certification team
•Perform threat modeling and architectural risk analysis for mobile devices and applications as well as attack surface hardening, exploit mitigation, static & dynamic analysis, and reverse engineering
•Research and develop mobile security penetration tools and solutions for use by internal teams
•Conduct research to identify new attack vectors and proactive countermeasures for mobile devices (baseband, HLOS Android/iOS, applications, and services)
•Lead in ensuring maximum security per expectations is delivered on all products at Production
•Work closely with our Sr. Products, Solutions, & Services development mobile device security team and with all handset manufacturers/OEMs to provide validation for our products and sync on relevant findings
•Report on testing and hacking results of mobile device security certification team
•Identify and address issues of concern during mobile device security certification and penetration testing via effective collaboration with multiple teams
•Correlate pen-test findings to existing threat model to identify gaps and recommend improvements to processes
•Handle technical account management duties with handset manufacturers
•Provide subject matter expert (SME) support to internal (Mobile Device Security, Product Development Group, etc.) and external (handset manufacturers, chipset vendors, etc.) parties
•Handle the rapidly increasing complexity of platforms & technologies
•Participate as the mobile device security technical expert in departmental and company projects/initiatives related to mobile device security penetration testing and applications
•Maintain expert knowledge in the field of mobile security penetration testing via extensive research and collaboration
•Provide technical white papers and presentations as a result of research & development efforts
•Provide training to MDS team internally on mobile device security penetration testing
Required Experience
•Bachelor’s Degree in Computer Engineering or Computer Science. Master’s Degree is a plus. 5+ years of experience in:
•Hands-on experience in development and penetration testing of mobile device platforms (baseband, HLOS Android/iOS, applications, services), including via official/unofficial mobile security testing tools
•Threat modeling and architectural risk analysis on mobile device platforms (baseband, HLOS Android/iOS, applications, services)
•Hands-on experience with software development in a mobile environment, with a focus on the following areas: kernel driver, hardware-software interface, mobile OS and application development (Android, iOS), testing & troubleshooting in C, C++, Objective-C, or Java
•Static and dynamic vulnerability analysis, reverse engineering, exploit mitigation, and attack surface hardening on mobile device platforms (baseband, HLOS Android/iOS, applications, services)
•Developing and improving processes for mobile device (Android, iOS) security penetration testing teams
•Hands-on experience with technical requirements gathering, verification/validation planning, compliance assessment and reporting.
•Working with pen-test plans to ensure they are in compliance with requirements and threat models
•Conducting research and development activities in order to further company and departmental initiatives
•Interfacing and collaborating with cross-functional teams via excellent written and verbal communication skills
•Expert knowledge of official and unofficial mobile device (Android, iOS) security penetration testing tools
•Expert knowledge in OWASP mobile risks and methodologies
•Good knowledge of defensive security constructs including digital signatures, encryption, firewalls, PKI, anti-debugging, AAA, key exchange, key entropy, software and hardware protection mechanisms, DRM, TrustZone
•Good knowledge of offensive security techniques including reverse engineering, digital forgery, encryption attacks, debugging, defeating anti-debugging, man-in-the-middle attacks, logic flaws, hardware & software exploits preferred
•Certifications in CISSP, CISM, CISA, and/or CEH preferred