Mobile Security Engineer
Chicago, IL

Job Description

Job Description:

Summary

The Mobile Security Engineer is a key individual contributor who reports to the Mobile Security Engineering lead on the GIS Cybersecurity Technology team. Mobile Security Engineers are responsible for mobile security across a broad portfolio of systems which include large scale employee mobile and consumer facing mobility infrastructure, applications and related technology, the assessment and introduction of new, emerging mobile technologies, architecture, engineering and design of mobile security solutions/systems, with accountability for research, design, engineering, implementation, of both software and hardware.

This role will include analysis of mobile solutions, mobile apps, mobile vulnerabilities, mobile frameworks, mobile device/app management, mobile development approaches, and assessment of risks introduced by mobility.

Some key areas of focus: Vulnerability analysis and remediation, mobile threat defense, threat modeling, threat assessments, knowledge of MDM/MAM/UEM configuration, solid understanding of mobility technology strategy and technology / industry trends, and emerging mobility security issues.

We're looking for creative thinkers who can develop secure mobility solutions to complex business problems.

Responsibilities

* Collaboratively develop technical architectures, processes and procedures pursuant to mobile application security objectives together with business and technical partners
* Contribute to the continued development of mobile ecosystem governance (including Enterprise Architecture) and ensuring mobility solutions (devices, apps, infrastructure) adhere to bank policies, standards and guidelines
* Collaborate with architecture, BISO, LOB and enterprise teams regarding mobile device and app management implementations and deployments
* Identify and implement defensive controls for bank mobile devices, and aid in implementing methods and processes for production deployment (Mobile Threat Defense)
* Build and execute on a hardening checklist for different platforms - iOS, Android, Blackberry. Define security design patterns for Strong Authentication, Encryption, and Integrity, further refine Mobile Security Playbook, Mobile Security Capabilities Catalog and wiki
* Pro-actively engage stakeholders, including development managers, developers, architects, and governance bodies in the Bank to achieve security objectives
* Deliver multiple technology projects across multiple teams
* Regularly interact with senior technology and business management, requiring the ability to explain complex technical matters in a way both technical and non-technical personnel can understand
* Partner to create threat models and threat assessments supporting enterprise systems (MAM, MDM, UEM) and bank mobile apps, enumerate threats by attack surface, and identify countermeasure options
* Collaborate with internal GIS and enterprise teams to strengthen mobile security awareness, including partnering with mobile developers, solutions architects (promote use of threat modeling, reference design patterns, source code analysis, mobile ethical hacks, brand identity, vulnerability detection)
* Develop policies, processes and procedures to advance mobile ecosystem governance security objectives for adoption throughout the Bank
* Contribute to and interpret enterprise policies, standards, and baselines and mentor personnel with less experience or knowledge of the same
* Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action

Required Skills, Experience and Education

* 4 year degree
* CISSP or similar relevant industry accreditation preferred

flexible depending on candidate

* Experience with mobile security vulnerability assessment techniques (during design, development and testing)
* Experience with mobile platform attack and defense techniques
* Experience conducting mobile security reviews
* Working knowledge of MDM, MAM, UEM
* Extensive knowledge of iOS and Android platforms

The ideal candidate will possess expertise in several of the following areas:

* Mobile Device Management/MDM and OS patching
* Mobile App Management/MAM and app updates/patching
* Mobile App Containerization and Wrapper Technologies
* Mobile Operating Systems and Platforms
* Mobile Testing, Quality Assurance and Security Verification
* Mobile App Signing and Certificate Governance
* Mobile Authentication (FIDO, OAuth, etc.)
* Mobile Code Protection, Obfuscation and Tamper Resistance
* Mobile Threat Modeling
* Mobile Vulnerabilities (CVE, CVSS, CWE ratings, etc.)
* Knowledge of mobile app penetration/testing
* Enterprise Architecture governance and process (in a large enterprise)
* Mobile app software delivery experience preferable
* Mobile app software development experience including app signing across platforms preferable

5+ years of relevant experience

Posting Date: 06/13/2019

Location: Chicago, IL, 135 S LA SALLE ST (IL4135), Charlotte, NC, 201 N TRYON ST (NC1022), - United States

Travel: No

Full / Part-time: Full time

Hours Per Week: 40

Shift: 1st shift