Mobile Security Architect - Vice President

New York City, NY, United States Full Time
Main Location
New York City, NY, United States
Open jobs
The Security Architecture (SecArch) team is part of the Technology Risk (TR) organization. The mission of the SecArch team is to provide security architecture assessments of technology systems and processes to identify business risks and recommend remedial action based on established security standards or security best practices. 
 
The SecArch Mobile Security Architect is an internal consultant that is working on multiple security architecture and design assessments spanning multiple classes of mobile solutions and technologies. The architect is expected to be capable of conducting a security architecture review from a general scope, while having subject matter expertise in mobile security that includes an in-depth knowledge of mobile platform risks, management controls, and application security. It is an opportunity to get involved in multiple business units and technologies inherent to the mission of SecArch. The architect works with team members (Technology, Business, Suppliers, Stakeholders and Partners) globally to perform SecArch assessments and assist with solution design. To be successful in this role, the candidate must have deep mobile technology subject matter expertise and broad overall technology & security experience coupled with risk management, communication, and time management skills.
 
A SecArch Mobile Security SME has the following responsibilities:
 
Work independently to lead SecArch deep dives with business and technology requestors
Conduct assessment and provide technology risk/requirements to the requestor. Areas covered:
Mobile & Web Application Security – Session Security, Vulnerability/Pen Testing items, Input Validation, Data storage/protection, application hardening, Inter-process Communication
Infrastructure - Infrastructure supporting mobile applications/platforms, such as MDM
Mobile development/testing tools - IDE's, emulation tools, code signing, CI, test automation
Authentication, Authorization, Auditing
Secure data transport and storage
Prioritize risks identified in relation to business risks
Propose solutions to mitigate risks identified, with specific implementation guidance
Establish and communicate mobile security posture
Leverage existing expertise in mobile security to identify gaps in current technology environment and provide strategy for risk reduction
Perform hands-on assessments of mobile applications and platforms as part of control validation and strategy definition. 
Produce position papers and knowledge articles on testing/research performed.
Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
Required
5+ years' professional experience in security architecture, application/infrastructure security, penetration testing, secure software development, or related areas with a technical security focus.
2+ years' experience in the mobile security domain with working knowledge in the following areas:
Mobile Platform Security - Understand mobile operating system architecture, inherent security controls, and risks present, specifically for iOS and Android
Enterprise Mobile Device Management - OS controls (iOS/Android) and supporting management infrastructure
Mobile Application Security - Working knowledge of mobile application development programming languages/solutions (e.g., Objective-C, Swift, Java, JavaScript, Kotlin, Cordova) and relevant secure coding/application design best practices
Communication skills: Excellent written, oral, presentation, and listening, skills; ability to influence through factual reasoning


Desired
Security Vulnerabilities: Strong technical understanding of vulnerabilities affecting mobile application/device security: In-depth knowledge of mobile, application, network, and platform security vulnerabilities. Expert knowledge of application security best practices including OWASP and CWE. Ability to explain these vulnerabilities to developers and senior management.
Software Development: Hands-on programming, software design, and application architecture experience in complex environments; Experience developing secure mobile applications.
Security Testing: Hands-on mobile application/OS Penetration Testing and reverse-engineering experience. Experience using testing tools such as Burp Proxy, Wireshark, IDA, Hopper Disassembler, Fortify, AppScan.
Security Architecture/Engineering: Working experience in the following application/network security domains:
Authentication: SAML, SiteMinder, Kerberos, OpenID
Entitlements and identity management
Data protection - data leakage prevention and secure data transfer and storage
App Security - validation checking, software attack and defense methodologies
Web Technologies -  Web Browsers, Web Servers, Web Services
Cryptography – encryption and hashing
Standard network model and the risks that present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, VPN, and load-balancers, and understanding of network architecture.
Secure Design Assessment:  Experience reviewing and threat modelling against technical designs and functional requirements to identify areas of Security weakness. Ability to architect solutions to address observed security weaknesses.
Regulatory: Understanding of geographic regulations and their impact on Security assessments
Leadership/Collaboration: Ability to directly manage teams, operate in multiple virtual teams, or ability to operate as a sole-contributor
Time Management: Adept at managing and delivering on multiple concurrent tasks with short timelines and using sound judgement when managing risks, prioritization, and escalation


Preferred Qualifications
Technical BS or Master's degree or equivalent experience
CISSP, CISM, GMOB, or other relevant industry qualification
Previous experience in Financial Services industry
Help us maintain the quality of jobs posted on PowerToFly. Let us know if this job is closed.
Mission
We're a community of women leveraging our connections into top companies to help underrepresented women get the roles they've always deserved. Simultaneously, we work to build truly inclusive hiring processes and environments where women can thrive and not just survive.
Are you hiring? Join our platform for diversifiying your team