
Senior Product Security Engineer – iOS Mobile App
Raya
full-time
Location Type: Remote
Location: California • United States
About the role
- Lead the security review of iOS application architecture and design, ensuring security is built-in from the ground up.
- Conduct security-focused code reviews for the iOS application, and implement/manage static and dynamic application security testing (SAST/DAST) tools.
- Oversee the identification, assessment, and remediation of vulnerabilities within the iOS application and its supporting infrastructure.
- Perform threat modeling for new features and existing components of the iOS application and its backend services.
- Drive the adoption and enforcement of secure development practices within the mobile engineering teams.
- Ensure the security of APIs consumed and exposed by the iOS application.
- Manage and refine cloud IAM roles and permissions for the mobile app's backend infrastructure to enforce the principle of least privilege and improve our cloud security posture.
- Support incident response activities related to the iOS application, including investigation and remediation.
- Evaluate, implement, and manage security tools relevant to mobile application security.
- Provide guidance and training to mobile developers on secure coding practices.
- Report directly to the Head of Information Security on the security posture of the iOS application and related infrastructure.
Requirements
- 8+ years of experience in a security role with a strong focus on application security.
- 5+ years of experience in a product security engineering role with a strong focus on mobile (iOS) application security.
- Extensive experience with secure coding principles, mobile security frameworks, and common mobile vulnerabilities (e.g., OWASP Mobile Top 10).
- Strong understanding of iOS platform security features and best practices.
- Proficiency in Swift/Objective-C with a minimum of 3 years of Swift experience, and experience with mobile development tools and environments.
- Proficiency in NodeJS with a minimum of 3 years of NodeJS experience, and experience with NodeJS backend mobile development tools and environments.
- 3+ years of experience with cloud security principles and cloud IAM (e.g., AWS IAM, Cloud Connectivity) as it relates to mobile backend infrastructure.
- Experience with static and dynamic application security testing (SAST/DAST) tools for mobile applications.
- Excellent analytical, problem-solving, and troubleshooting skills.
- 2+ years of experience in a senior or lead security engineer role.
- Strong proficiency with AI coding platforms like Claude Code, Copilot, etc.
- Strong leadership and communication skills, with the ability to influence and collaborate across engineering teams.
- Ability to prioritize tasks and manage projects effectively in a fast-paced environment.
- Experience with scripting and automation (e.g., Python, Bash) for security tasks.
- Experience with GitHub Actions.
- Experience with DevSecOps and CI/CD SCA tools.
Applicant Tracking System Keywords
Hard skills
iOS application security, secure coding principles, mobile security frameworks, OWASP Mobile Top 10, Swift, Objective-C, NodeJS, cloud security principles, static application security testing (SAST), dynamic application security testing (DAST)
Soft skills
analytical skills, problem-solving skills, troubleshooting skills, leadership skills, communication skills, collaboration skills, task prioritization, project management