Hampton North is seeking an experienced Senior Product Security Engineer to own the security posture of a high-profile, iOS-only mobile application and its Node.js backend infrastructure. This hands-on role involves securing the application, conducting security reviews, and mentoring developers on secure coding practices.
Responsibilities:
- Lead security architecture reviews for the iOS application, ensuring security is designed in from the ground up
- Perform hands-on security code reviews in both Swift (client-side) and Node.js (backend APIs), identifying vulnerabilities across the full stack
- Secure the Node.js API layer that powers the iOS app. This is a critical surface area handling sensitive user data, and you’ll be auditing authentication flows, authorization logic, data exposure risks, and injection points firsthand
- Own vulnerability management end-to-end for the mobile app and its backend, from identification and assessment through remediation
- Conduct threat modeling for new features and existing components across both the iOS client and Node.js services
- Run and manage static and dynamic application security testing (SAST/DAST) tools across the mobile and backend codebase
- Drive secure development lifecycle (SDL) practices across engineering teams, serving as the go-to authority on secure coding for both mobile and backend
- Manage cloud IAM roles and permissions for the backend infrastructure, enforcing least-privilege principles and tightening the overall cloud security posture
- Build and maintain security tooling integrated into the CI/CD pipeline via GitHub Actions, including SCA and DevSecOps workflows
- Support incident response for the iOS application and backend services, including investigation, root cause analysis, and remediation
- Mentor and train developers on secure coding practices for both iOS and Node.js environments
Requirements:
- 5+ years in a security role with a strong emphasis on application security
- 5+ years specifically in product security engineering focused on mobile (iOS) application security
- Strong coding proficiency in Swift (3+ years) - you need to be able to read, review, and secure iOS application code at a deep level
- Strong coding proficiency in Node.js (3+ years) - the backend is entirely Node.js, and you'll be hands-on auditing and securing API code. Expect a technical assessment that tests real-world Node.js problem solving, not just familiarity
- Deep understanding of API security patterns: authentication, authorization, rate limiting, input validation, and data protection as they relate to mobile backends
- Strong knowledge of iOS platform security features, secure coding principles, and common mobile vulnerabilities (OWASP Mobile Top 10)
- 3+ years working with cloud security principles and cloud IAM (AWS IAM, cloud connectivity) for mobile backend infrastructure
- Experience with SAST/DAST tools for mobile applications
- 2+ years in a senior or lead security engineering role
- Hands-on experience with DevSecOps practices, CI/CD SCA tools, and GitHub Actions
- Strong proficiency with AI-assisted coding platforms (Claude Code, Copilot, or similar)
- Excellent communication and leadership skills - you'll influence across engineering teams without direct authority
- Experience with scripting and automation using Python and Bash for security tasks
- Mobile penetration testing experience
- Relevant security certifications (CISSP, CSSLP, GIAC Mobile Device Security)
- Experience securing AI/ML features within a mobile product
- Experience integrating security into CI/CD pipelines specifically for mobile applications
- Python 3.11+ experience for scripting and integrations