Job Seekers

Manager, Mobile Security Penetration Testing

Twitter Facebook
Location
Doral, FL
Salary
$160,000
Job Type
Direct Hire
Date
Sep 04, 2015
Job ID
2224304

Our client, a large public company and leader in the Telecom industry, is seeking a Mobile Device Penetration Testing Manager for their Miami corporate offices.

Responsibilities:

  • Manage mobile device penetration testing efforts across various products, platforms, and solutions from hardware and software architecture, systems, subsystems, applications, components, and interface levels
  • Review, define, and improve mobile device security (Android, iOS) penetration testing plans
  • Provide guidance and lead advancement of the mobile device security certification team
  • Perform threat modeling and architectural risk analysis for mobile devices and applications as well as attack surface hardening, exploit mitigation, static & dynamic analysis, and reverse engineering
  • Research and develop mobile security penetration tools and solutions for use by internal teams
  • Conduct research to identify new attack vectors and proactive countermeasures for mobile devices (baseband, HLOS Android/iOS, applications, and services)
  • Lead in ensuring maximum security per expectations is delivered on all products at Production
  • Work closely with  Sr. Products, Solutions, & Services development mobile device security team and with all handset manufacturers/OEMs to provide validation for products and sync on relevant findings
  • Report on testing and hacking results of mobile device security certification team
  • Identify and address issues of concern during mobile device security certification and penetration testing via effective collaboration with multiple teams
  • Correlate pen-test findings to existing threat model to identify gaps and recommend improvements to processes
  • Handle technical account management duties with handset manufacturers
  • Provide subject matter expert (SME) support to internal (Mobile Device Security, Product Development Group, etc.) and external (handset manufacturers, chipset vendors, etc) parties
  • Handle the rapidly increasing complexity of platforms & technologies
  • Participate as the mobile device security technical expert in departmental and company projects/initiatives related to mobile device security penetration testing and applications
  • Maintain expert knowledge in the field of mobile security penetration testing via extensive research and collaboration
  • Provide technical white papers and presentations as a result of research & development efforts
  • Provide training to MDS team internally on mobile device security penetration testing

 

Required Experience
  • Bachelor’s Degree in Electrical Engineering, Computer Engineering, or Computer Science. Master’s Degree is a plus.

5+ years experience in:

 

  • Hands-on experience in development and penetration testing of mobile device platforms (baseband, HLOS Android/iOS, applications, services), including via official/unofficial mobile security testing tools
  • Threat modeling and architectural risk analysis on mobile device platforms (baseband, HLOS Android/iOS, applications, services)
  • Hands-on experience with software development in a mobile environment, with a focus in the following areas: kernel driver, hardware-software interface, mobile O/S and application development (Android, iOS), testing & troubleshooting in C, C++, Objective C, or Java
  • Static and dynamic vulnerability analysis, reverse engineering, exploit mitigation, and attack surface hardening on mobile device platforms (baseband, HLOS Android/iOS, applications, services)
  • Developing and improving processes for mobile device (Android, iOS) security penetration testing teams
  • Hands-on experience with technical requirements gathering, verification/validation planning, compliance assessment and reporting.
  • Working with pen-test plans to ensure they are in compliance with requirements and threat models
  • Conducting research and development activities in order to further company and departmental initiatives
  • Interfacing and collaborating with cross-functional teams via excellent written and verbal communication skills
  • Expert knowledge of official and unofficial  mobile device (Android, iOS) security penetration testing tools
  • Expert knowledge in OWASP mobile risks and methodologies
  • Good knowledge in defensive security constructs including digital signatures, encryption, firewalls, PKI, anti-debugging, AAA, key exchange, key entropy, software and hardware protection mechanisms, DRM, Trustzone
  • Good knowledge of offensive security techniques including reverse engineering, digital forgery, encryption attacks, debugging, defeating anti-debugging, man in the middle attacks, logic flaws, hardware & software exploits preferred
  • Certifications in CISSP, CISM, CISA, and/or CEH preferred

 Comp is up to $160k+Bonus