2 Mobsf Jobs

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. We are looking for an expert in Android application development with solid foundation in enterprise and commercial applications, interested in building highly performant mobile apps with Jetpack and Kotlin. Your primary focus will be on leading a team, proposing reference architectures, creating estimates, and giving inputs to client proposals. You will also lead the development of user interface and reusable components. You will ensure that these components and the overall application are robust and easy to maintain. A commitment to collaborative problem solving, sophisticated expandable design, and quality product is important. **Responsibilities:** - Developing new user interface using Jetpack compose - Networking Libraries and integration with third-party frameworks - Building reusable components and libraries for future use - Translating designs and wireframes into high quality code - Ability to optimize the code through the use of instruments or various techniques of memory profiling - Guiding the team to follow best industry practices to deliver clean code while keeping performance in check - Fostering teamwork and leading by example - People and Stakeholder management by close interaction with clients and internal stakeholders **Experience:** - 6+ years experience in Android native application development with Jetpack compose and Kotlin - Excellent UI/UX and architecture skills - Ability to transform the design into code quickly - Experience in unit testing and ensuring the developed code passes the quality gate from Sonar - Experience in identifying code quality issues during code reviews - JSON, REST and Web Services, low energy peripheral devices integration - Experience in setting up continuous integration processes and automated unit/UI testing - Jira, git or other tools **Must have skills:** - In-depth knowledge in Kotlin and Jetpack compose - Expertise in Retrofit, Volley, RoomDB, SharedPreferences, Hilt, Dagger, Co-routines - Understanding and implementing accessibility - Ability to Perform concurrency and performance testing - Ability to organize large-scale front-end mobile application codebases using common mobile design patterns such as MVVM, MVC or Viper - Understanding and working in Snapshot testing - In-depth understanding of layouts - Understanding of interactive application development paradigms, GUI, memory management, file I/O, network & socket programming, concurrency, and multi-threading - Developing cutting-edge functional modules that will be integrated across our application - Experience in code versioning tools such as Git or SVN - Understanding and Implementation of SOLID principles in an Android Application - Staying abreast of latest Android platform features and proposing the evolution of the application to take advantage of the same - Experience with two-way data synchronization between client and server database for applications that support offline capability - Unit-testing code for robustness, including edge cases, usability, and general reliability - Continuously discovering, evaluating, and implementing new technologies to maximize development efficiency - Experience in implementing security policies - Experience in automation, CI/CD, and Unit testing frameworks - Ability to analyze crash logs and provide fixes - Ability to write code that passes multiple quality gates from Checkmarx, MobSF, Sonar, etc., - Good knowledge of fixing quality issues from Checkmarx and fixing issues from Penetration Testing **Nice to have skills:** - AWS/Azure or any cloud exposure - SSO, LDAP, OAuth, SSL integration - Experience in emerging technologies such as IoT, AI/ML, etc. - Awareness of enterprise Mobile Application Management (MAM)/Mobile Device Management (MDM) frameworks such as Microsoft Intune, Citrix Endpoint Management will be a plus - More advanced data handlers such as WebSockets and Offline mobile applications - Awareness of Enterprise mobile applications and data protection policies and methods would be a plus EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people, and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.,

About the Role As a Security Engineer 2, you will be a key player in maturing our product security posture. You won't just find vulnerabilities; you'll help us build more secure products from the ground up. Your work will directly protect our customers and the business by focusing on offensive security testing, proactive threat modeling, and embedding security into our development lifecycle and company culture. What you will do Application Security Testing: Conduct comprehensive security assessments (VAPT) of our web platforms, APIs, network and mobile applications (iOS & Android) to identify and mitigate vulnerabilities. Offensive Security: Plan and execute red team and purple team exercises to simulate real-world attacks, test our defenses, and provide actionable recommendations to improve our security posture. Threat Modeling: Lead threat modeling sessions for new and existing features, collaborating with engineering teams to identify potential threats in the design phase and integrate security requirements into the product lifecycle. DevSecOps & Automation: Enhance our CI/CD pipeline by integrating security tools (SAST, DAST, IAST). Develop and implement hands-on security automation to streamline security processes and improve our detection and response capabilities. Security Culture & Awareness: Drive key security culture initiatives, including managing the Security Champions program, conducting phishing simulations, and delivering developer awareness training sessions. Risk & Compliance: Contribute to compliance and risk management efforts, such as ISO 27001 readiness, third-party risk management (TPRM), and Business Continuity/Business Impact Analysis (BCP/BIA). Security Partnership: Act as a security subject matter expert for developers, providing guidance on secure coding practices, vulnerability remediation, and security best practices through code reviews and consultations. Code Review: Perform manual and automated code reviews to identify security-critical bugs. Bug Bounty: Assist in managing our bug bounty program, including triaging submissions and engaging with security researchers. What You Will Need Experience: 3-5 years of hands-on experience in a product security or application security role. Education: A Bachelor's or Master's degree in Computer Science, Information Security, or a related field is preferred. Mobile Security Expertise: Strong experience in mobile application security assessments for both Android and iOS.Proficiency with mobile security tools like Frida, Objection, Drozer, MobSF, ADB, etc.Deep understanding of the OWASP MASVS framework and mobile-specific vulnerabilities (insecure webview, insecure deeplink, insecure data storage, flawed cryptography, etc.). Web & API Security Expertise: Proven ability to perform security assessments on web applications and APIs, with a strong understanding of the OWASP Top 10 for both. Experience testing for complex vulnerabilities in authentication, authorization, session management, and business logic. Offensive Security & Threat Modeling: Demonstrated experience planning and executing red team exercises . Proven ability to lead threat modeling sessions and integrate findings into the SDLC. General Skills & Acumen: Strong analytical and problem-solving skills.Excellent communication skills, with the ability to explain complex security issues to both technical and non-technical audiences. Familiarity with DevSecOps principles and CI/CD pipeline security automation. (Bonus Points) Active participation in public or private bug bounty programs is a huge plus. Experience with security awareness initiatives (e.g., Security Champions) and compliance frameworks (e.g., ISO 27001, TPRM) is also highly desirable.