Key skills
iOS application securitysecure coding principlescloud security principlesstatic/dynamic application security testingSwift/Objective-CNodeJSmobile security frameworksAI coding platformsanalytical skillsscriptingautomationGitHub ActionsDevSecOpsleadership skillscommunication skillsPythonCSwiftBashObjective-CAIArtificial IntelligenceAWSIAMGitHubiOSMobile DevelopmentCI/CDLeadershipCommunicationOWASPPenetration TestingCloud Security
About this role
Raya is a technology company that operates an exclusive, membership-based social network, comprising two primary applications. They are seeking a highly skilled and experienced Senior Product Security Engineer to lead efforts in securing their Apple mobile iOS application and its related infrastructure, embedding security best practices throughout the software development lifecycle.
Responsibilities:
- IOS App Security Architecture & Design: Lead the security review of iOS application architecture and design, ensuring security is built-in from the ground up
- Code Review and Static/Dynamic Analysis: Conduct security-focused code reviews for the iOS application, and implement/manage static and dynamic application security testing (SAST/DAST) tools
- Vulnerability Management (Mobile): Oversee the identification, assessment, and remediation of vulnerabilities within the iOS application and its supporting infrastructure
- Threat Modeling: Perform threat modeling for new features and existing components of the iOS application and its backend services
- Secure Development Lifecycle (SDL): Drive the adoption and enforcement of secure development practices within the mobile engineering teams
- API Security: Ensure the security of APIs consumed and exposed by the iOS application
- Cloud Security for Mobile Backend: Manage and refine cloud IAM roles and permissions for the mobile app's backend infrastructure to enforce the principle of least privilege and improve our cloud security posture
- Incident Response (Mobile): Support incident response activities related to the iOS application, including investigation and remediation
- Security Tooling: Evaluate, implement, and manage security tools relevant to mobile application security
- Security Training & Awareness: Provide guidance and training to mobile developers on secure coding practices
- Reporting: Report directly to the Head of Information Security on the security posture of the iOS application and related infrastructure
Requirements:
- 8+ years of experience in a security role with a strong focus on application security
- 5+ years of experience in a product security engineering role with a strong focus on mobile (iOS) application security
- Extensive experience with secure coding principles, mobile security frameworks, and common mobile vulnerabilities (e.g., OWASP Mobile Top 10)
- Strong understanding of iOS platform security features and best practices
- Proficiency in Swift/Objective-C with a minimum of 3 years of Swift experience, and experience with mobile development tools and environments
- Proficiency in NodeJS with a minimum of 3 years of NodeJS experience, and experience with NodeJS backend mobile development tools and environments
- 3+ years of experience with cloud security principles and cloud IAM (e.g., AWS IAM, Cloud Connectivity) as it relates to mobile backend infrastructure
- Experience with static and dynamic application security testing (SAST/DAST) tools for mobile applications
- Excellent analytical, problem-solving, and troubleshooting skills
- 2+ years of experience in a senior or lead security engineer role
- Strong proficiency of AI coding platforms like Claude Code, Copilot, etc
- Strong leadership and communication skills, with the ability to influence and collaborate across engineering teams
- Ability to prioritize tasks and manage projects effectively in a fast-paced environment
- Experience with scripting and automation (e.g., Python, Bash) for security tasks
- Experience with GitHub Actions
- Experience with DevSecOps and CICD SCA tools
- Experience with mobile penetration testing
- Relevant security certifications (e.g., CISSP, CSSLP, GIAC Mobile Device Security)
- Experience with integrating security into CI/CD pipelines for mobile applications
- Experience with securing Artificial Intelligence within a mobile product
- Basic experience with Python3.11+ for general scripting and integrations