Mobile Device Vulnerability Engineer (Management & Configuration Compliance)
New York, New York, United States of America
Contract
4 weeks ago
Key skills
PythonGoPowerShellOAuthSSOSplunkiOSAndroidServiceNowSaaSStakeholder ManagementChange ManagementCommunication
About this role
Job Role : Mobile Device Vulnerability Engineer (Management & Configuration Compliance)
Location: NYC, New York (Hybrid)
Experience Level :-
8+ years in cybersecurity/endpoint security, with 2 4+ years specifically in mobile/UEM
security, vulnerability management, or compliance engineering
Domain Cyber Security : Application Security
Job Description
The Mobile Device Vulnerability Management & Configuration Compliance Engineer will partner
with internal stakeholders to design, validate, and operationalize an automated mobile device
vulnerability scanning and configuration compliance capability across enterprise-issued mobile
endpoints (iOS/iPadOS and Android). This role leads proof-of-technology (PoT) activities including
tool evaluation, architecture validation, security controls mapping, and pilot execution, and drives
full-scale implementation through integration with other security tools such as MDM, SIEM/SOAR,
ITSM, and asset inventory/CMDB systems.
The engineer will establish and maintain mobile vulnerability management processes aligned to
corporate and regulatory requirements, develop continuous compliance and policy enforcement
strategies, implement risk-based remediation workflows, and deliver measurable improvements in
mobile endpoint security posture.
Key Responsibilities :-
Define PoT scope, success criteria, and test plans for automated mobile vulnerability
scanning (e.g., agent-based/agentless, MDM-integrated, API-driven).
Evaluate candidate tools for: coverage (OS/app/cert/profile), detection accuracy,
scalability, device impact, privacy controls, and reporting fidelity.
Execute pilots across representative device populations validating:
o vulnerability detection capabilities (OS versions, CVEs, patch levels, risky apps)
o configuration compliance checks (encryption, jailbreak/root, screen lock, OS
hardening)
o integration readiness (Intune/Workspace ONE/Jamf; SIEM; ITSM; CMDB)
Produce PoT outcomes: findings, risk analysis, cost/benefit, architecture decision record,
and go/no-go recommendation.
Coordinate with InfoSec and Compliance teams to ensure SaaS platform posture aligns with
regulatory requirements (NYDFS).
Build and run mobile vulnerability lifecycle processes: discovery, assessment, prioritization,
remediation, validation, reporting.
Establish severity/risk scoring tuned for mobile (exposure, device role, app risk, compliance
impact).
Coordinate remediation with endpoint engineering, mobility admins, app owners, and
operations teams.
Validate remediation effectiveness using scanner re-runs, policy compliance, and audit
evidence.
Develop, deploy, and continuously improve baseline security configurations for iOS/iPadOS
and Android.
Translate requirements into enforceable policies (password/biometrics, encryption, OS
update controls, app controls, certificate/profile constraints, VPN/Wi-Fi security, logging
settings).
Implement compliance monitoring and drift detection; drive automated or semi-automated
corrective actions.
Build automation scripts and APIs to normalize and enrich findings.
Support change management and communications for new controls impacting device
behavior and user experience.
Provide technical guidance and training to operations teams for ongoing support.
Required Skills
Mobile OS security fundamentals: iOS/iPadOS and Android security models, patching,
permissions, app ecosystems, jailbreak/root detection concepts.
Vulnerability management expertise: CVE/patch lifecycle, risk-based prioritization, SLAs,
validation, metrics.
Configuration compliance: baseline hardening, policy enforcement, continuous compliance
monitoring, and drift remediation.
Mobility Scanning Tool Experience (hands-on): Qualys Mobile VMDR, Lookout, Workspace
One + Microsoft Threat Defense, or equivalent.
MDM experience (hands-on): Microsoft Intune, Omnissa Workspace ONE, Jamf Pro, or
equivalent.
Enterprise integration skills: API integration, data normalization, and automation with
SIEM/SOAR/ITSM (e.g., Splunk, Sentinel, QRadar; XSOAR, Sentinel SOAR; ServiceNow).
Identity & access: conditional access concepts, device compliance states, SSO,
certificates, MFA, posture-based access controls.
Scripting/automation: PowerShell and/or Python; familiarity with REST APIs, JSON, OAuth,
and secrets management.
Security documentation: ability to author PoT plans, architecture diagrams, operational
runbooks, and audit evidence.
Excellent documentation and stakeholder management skills.
Strong analytical and problem-solving skills.
Excellent communication and stakeholder management skills; experience presenting PoT
results and recommendations.
Ability to work independently and across multifunctional teams.
Detail-oriented with a focus on process improvement and operational excellence.
Ability to manage multiple workstreams (pilot + integration + operations) with minimal
supervision.
Familiarity with NIST, CIS Benchmarks, DISA STIG (mobile), ISO 27001 control mapping, or
similar frameworks.
Educational Requirements
Bachelor s degree in Cybersecurity, Information Systems, Computer Science, Engineering,
or equivalent practical experience.
Relevant Certifications :-
CompTIA Security+, CySA+
GIAC: GSEC, GMON, or related (if available/appropriate)
Qualys/Rapid7/Tenable (or equivalent vulnerability platform certifications where relevant)
Governance / Risk / Architecture (bonus)
CISSP, CISM, CCSP
ITIL Foundation (for ITSM integration and operations maturity)