Raya

Compensation

Full Description

We are seeking a highly skilled and experienced Senior Product Security Engineer to lead our efforts particularly in securing our Apple mobile iOS application and its related infrastructure. This role will be pivotal in embedding security best practices throughout the software development lifecycle, from design to deployment, with a specific focus on our iOS app. The ideal candidate will possess a strong technical background in mobile security, excellent leadership abilities, and a proactive approach to identifying and mitigating security risks within the mobile ecosystem. This position will report directly to the Head of Information Security, and act as the technical lead of our Green Security Team, but not have and direct reports. \n Responsibilities iOS App Security Architecture & Design: Lead the security review of iOS application architecture and design, ensuring security is built-in from the ground up. Code Review and Static/Dynamic Analysis: Conduct security-focused code reviews for the iOS application, and implement/manage static and dynamic application security testing (SAST/DAST) tools. Vulnerability Management (Mobile): Oversee the identification, assessment, and remediation of vulnerabilities within the iOS application and its supporting infrastructure. Threat Modeling: Perform threat modeling for new features and existing components of the iOS application and its backend services. Secure Development Lifecycle (SDL): Drive the adoption and enforcement of secure development practices within the mobile engineering teams. API Security: Ensure the security of APIs consumed and exposed by the iOS application. Cloud Security for Mobile Backend: Manage and refine cloud IAM roles and permissions for the mobile app's backend infrastructure to enforce the principle of least privilege and improve our cloud security posture. Incident Response (Mobile): Support incident response activities related to the iOS application, including investigation and remediation. Security Tooling: Evaluate, implement, and manage security tools relevant to mobile application security. Security Training & Awareness: Provide guidance and training to mobile developers on secure coding practices. Reporting: Report directly to the Head of Information Security on the security posture of the iOS application and related infrastructure. Qualifications 8+ years of experience in a security role with a strong focus on application security. 5+ years of experience in a product security engineering role with a strong focus on mobile (iOS) application security. Extensive experience with secure coding principles, mobile security frameworks, and common mobile vulnerabilities (e.g., OWASP Mobile Top 10). Strong understanding of iOS platform security features and best practices. Proficiency in Swift/Objective-C with a minimum of 3 years of Swift experience, and experience with mobile development tools and environments. Proficiency in NodeJS with a minimum of 3 years of NodeJS experience, and experience with NodeJS backend mobile development tools and environments. 3+ years of experience with cloud security principles and cloud IAM (e.g., AWS IAM, Cloud Connectivity) as it relates to mobile backend infrastructure. Experience with static and dynamic application security testing (SAST/DAST) tools for mobile applications. Excellent analytical, problem-solving, and troubleshooting skills. 2+ years of experience in a senior or lead security engineer role. Strong proficiency of AI coding platforms like Claude Code, Copilot, etc. Strong leadership and communication skills, with the ability to influence and collaborate across engineering teams. Ability to prioritize tasks and manage projects effectively in a fast-paced environment. Experience with scripting and automation (e.g., Python, Bash) for security tasks. Experience with GitHub Actions. Experience with DevSecOps and CICD SCA tools. Preferred Qualifications Experience with mobile penetration testing. Relevant security certifications (e.g., CISSP, CSSLP, GIAC Mobile Device Security). Experience with integrating security into CI/CD pipelines for mobile applications. Experience with securing Artificial Intelligence within a mobile product Basic experience with Python3.11+ for general scripting and integrations. \n