Key skills
PythonPowerShellOAuthSSOSplunkiOSAndroidServiceNowStakeholder ManagementCommunication
About this role
Title: Mobile Security Engineer – Vulnerability & Compliance
Location: Springfield, MA (Onsite)
Contract duration: 12+ Months
Job Summary
We are seeking a Senior Mobile Vulnerability Management & Compliance Engineer to lead the design, evaluation, implementation, and operationalization of enterprise mobile security solutions across iOS/iPadOS and Android environments. The role focuses on mobile vulnerability management, configuration compliance, MDM integrations, automation, and enterprise security tool integration.
Experience
- 5–8+ years of experience in Cybersecurity, Endpoint Security, or Vulnerability Management.
- 2–4+ years of hands-on experience in Mobile/UEM Security, Mobile Vulnerability Management, or Compliance Engineering.
Key Responsibilities
- Lead Proof of Technology (PoT) and pilot activities for mobile vulnerability scanning and compliance solutions.
- Evaluate tools based on coverage, scalability, detection accuracy, integrations, reporting, privacy controls, and device impact.
- Implement and manage mobile vulnerability lifecycle processes including discovery, assessment, prioritization, remediation, validation, and reporting.
- Develop and enforce mobile security baselines and compliance policies for iOS/iPadOS and Android devices.
- Configure compliance monitoring, drift detection, and remediation workflows.
- Integrate mobile security platforms with MDM, SIEM/SOAR, ITSM, and CMDB systems.
- Build automation using APIs, PowerShell, and/or Python for data normalization and reporting.
- Coordinate with InfoSec, Compliance, Endpoint Engineering, Mobility, and Operations teams.
- Support audit, regulatory, and security framework alignment (NYDFS, NIST, CIS, DISA STIG, ISO 27001).
- Create architecture documentation, operational runbooks, and technical reports.
Required Skills
- Strong knowledge of iOS/iPadOS and Android security models, patching, permissions, app ecosystems, and jailbreak/root detection.
- Hands-on experience with Mobile Vulnerability Management tools such as Qualys Mobile VMDR, Lookout, Workspace ONE + Microsoft Defender, or equivalent.
- Hands-on MDM experience with Microsoft Intune, Workspace ONE, Jamf Pro, or equivalent.
- Expertise in vulnerability management, CVE remediation, risk prioritization, SLAs, and validation processes.
- Experience with mobile configuration compliance, hardening, policy enforcement, and continuous compliance monitoring.
- Experience integrating with SIEM/SOAR/ITSM platforms such as Splunk, Sentinel, QRadar, XSOAR, and ServiceNow.
- Knowledge of Conditional Access, MFA, SSO, certificates, posture-based access controls, and device compliance states.
- Strong scripting and automation skills using PowerShell and/or Python.
- Experience with REST APIs, JSON, OAuth, and secrets management.
- Strong documentation, analytical, stakeholder management, and communication skills.
- Ability to manage multiple workstreams independently in enterprise environments.
Preferred Certifications
- CompTIA Security+, CySA+
- GIAC Certifications: GSEC, GMON, or related
- Qualys, Rapid7, Tenable, or equivalent vulnerability management platform certifications
- CISSP, CISM, CCSP
- ITIL Foundation
- Governance, Risk, or Security Architecture certifications are a plus