Position: Security Engineer (Remote from LATAM)
Company: InallMedia.com
Position Summary
We are seeking a highly skilled Senior Mobile Application Security Engineer with extensive experience in hands-on security threat modeling and practical expertise in securing mobile applications, particularly within the financial sector. The ideal candidate will have a deep understanding of security frameworks, AWS security tools, and AI-driven security solutions. This position will involve developing and implementing security strategies throughout the Software Development Life Cycle (SDLC), while ensuring compliance with industry regulations like PCI DSS and continuously improving the organization’s security posture.
Key Responsibilities
- Threat Modeling & Risk Assessment
  - Lead comprehensive threat modeling exercises for mobile applications using industry-standard frameworks like STRIDE and MITRE ATT&CK.
  - Identify, prioritize, and mitigate potential threats and vulnerabilities specific to mobile environments in the financial sector, ensuring the development of secure applications from the outset.
  - Conduct regular security risk assessments to evaluate security posture and recommend necessary improvements.
- Security Solutions & Implementation
  - Collaborate with cross-functional development teams to ensure the integration of security controls throughout the SDLC for mobile applications.
  - Proactively design, implement, and monitor security best practices, using AWS security tools such as AWS Inspector, GuardDuty, and Security Hub to address identified risks and vulnerabilities.
  - Manage the implementation of security measures for mobile applications, ensuring they are robust and resilient to attacks.
- AI Integration for Security
  - Leverage AI-driven security solutions to automate mobile application threat detection, risk analysis, and incident response workflows.
  - Stay abreast of emerging AI technologies and continuously evaluate their application to improve mobile app security and reduce response times to new threats.
- Compliance & Regulatory Alignment
  - Ensure compliance with key financial sector regulations such as PCI DSS, NIST CSF, CIS, and Zero Trust architectures.
  - Collaborate with internal teams to implement security controls that meet industry standards and ensure successful audit preparedness.
  - Actively manage and maintain compliance documentation and assist in the preparation for external audits.
- Continuous Monitoring & Improvement
  - Oversee continuous monitoring of the mobile applications for security incidents, vulnerabilities, and threats.
  - Use tools like AWS CloudTrail, GuardDuty, and other monitoring solutions to detect, analyze, and respond to threats in real time.
  - Ensure the integration of security into DevSecOps practices and continuously improve the security framework as part of the overall software release process.
- Collaboration & Communication
  - Work closely with cross-functional teams, including product owners, software developers, and auditors, to drive security initiatives and ensure security is embedded in the development process.
  - Utilize project management tools like JIRA to organize and track security-related tasks, vulnerabilities, and remediation efforts.
  - Mentor junior security engineers and provide technical leadership in the development of security practices.
- Leadership & Strategy
  - Lead the security efforts for mobile application projects, collaborating with senior leadership to shape security strategy.
  - Identify opportunities for process improvements, innovation, and automation within security workflows and propose solutions that enhance the overall security posture of mobile applications.
Required Qualifications
- 5+ years of professional experience in cybersecurity, with a focus on mobile application security.
- Experience with mobile security testing frameworks, such as OWASP Mobile Security Testing Guide (MSTG).
- 4+ years of hands-on experience with AWS security tools (AWS Inspector, GuardDuty, Security Hub) and cloud security practices.
- Strong experience in Security Threat Modeling, including expertise in STRIDE, MITRE ATT&CK, or similar methodologies.
- Proven ability to design and implement AI-driven security solutions for threat detection, risk analysis, and incident response.
- Deep understanding of security compliance frameworks such as PCI DSS, NIST CSF, CIS, and Zero Trust.
- Expertise in mobile application security best practices, including secure coding practices, encryption, and secure authentication mechanisms.
- Strong written and verbal communication skills, with the ability to explain complex security issues to technical and non-technical stakeholders.
- Experience in collaborating across teams, especially with product development and audit teams, to ensure compliance and security goals are met.
- Ability to perform manual security reviews and automated script-based checks for mobile applications.
- Direct experience in a financial environment, specifically working on mobile security applications in the financial or banking sectors.
- Familiarity with DevSecOps practices and integration of security tools in CI/CD pipelines.
Preferred Qualifications
- Leadership experience in managing security teams or mentoring junior engineers.
- A track record of staying current with emerging mobile security threats, cloud security developments, and AI innovations in cybersecurity.