Senior Security & Compliance Engineer
We are Mobiquity, a digital consultancy, committed to helping our clients understand, apply, and engage technology in meaningful ways… and we are growing. As we continue to work with our clients uncovering friction and sparking digital transformation, we are hiring a Senior Security & Compliance Engineer to work with our high-impact teams.
Reporting to the Director of Security Engineering and working with other members of the security team, project delivery, Operations, and IT teams, this role is responsible for the overall quality and security of Mobiquity applications and products.
- Ensure new projects are scoped, implemented and deployed in a secure manner;
- Provide application security expertise to customer project delivery teams throughout the Mobiquity Software Development Lifecycle (SDLC);
- Review static code analysis findings for exploitability and provide recommendations to developers for remediating findings;
- Perform validation and testing on mobile and web applications to ensure products meet internal requirements and industry standards for software security;
- Provide security and compliance subject matter expertise and consultation to internal Business Units and Customers;
- Maintain, apply, and enhance security architecture, development, testing, operations, and compliance standards throughout the organization;
- Coordinate with the IT, Operations, and Delivery teams to ensure adherence to strong SDLC tools and processes and training in secure coding and testing best practices;
- Perform security/compliance internal audits on new projects;
- Perform risk assessments on vendors, tools and processes;
- Advise on strategy for new and existing compliance standards for Mobiquity and customers;
- Support and lead internal security operations functions, including security awareness, vulnerability management, and incident response;
- Consult with IT and Delivery teams on forensic analysis of breaches and exploits;
- Maintain, apply, and enhance a set of materials for internal and external use related to Mobiquity security and compliance posture and on-going expertise;
- Assist with creation of periodic blog posts and other market-facing content on topical security & compliance subjects;
- Represent Mobiquity with industry leaders, analysts and standards bodies in areas related to security and compliance;
- Provide other security, compliance, and technical tasks as assigned by the Director of Security Engineering.
Desired Experience and Capabilities:
- Ability to understand, explain, and demonstrate various security vulnerabilities & risks including XSS, CSRF, Code Injection, MitM, Brute-force/Dictionary/Rainbow Table attacks
- Knowledge of stack exploitation in C-based languages
- Experience with Mobile (Android and iOS) application architecture
- Experience with AWS technologies and recommended security best practices
- Experience explaining technical and security concepts to both technical and non-technical resources in a consultative role
- Excellent oral, written, and interpersonal communication skills
- Knowledge of industry regulations such as GDPR and HIPAA, or other industry standards such as PCI DSS, ISO 27001, or OWASP
- Experience delivering security training to security professionals, engineers, and non-engineers
Applicable Certifications Include:
- CompTIA Security+
- Certified Ethical Hacker (CEH)
- Certified Information Systems Security Professional (CISSP)
- AWS Certified Security - Specialty