Manager, Mobile Security Penetration Testing
This is an exciting opportunity to join TracFone’s Mobile Device Security team in Miami. Our Mobile Device Security team is searching for a Manager, Mobile Security Penetration Testing who will serve as a technical engineering subject matter expert in mobile device security (Android, iOS) to be utilized primarily for developing, analyzing, and evaluating technologies for security threat modeling and penetration testing of mobile devices at various levels: hardware and software architecture, systems, subsystems, applications, components, and interfaces. The selected candidate will manage a team to conduct mobile security penetration testing on mobile devices (Android/iOS), work with multiple OEM partners, lead processes and advancement efforts for the team, and conduct research and development in areas of mobile device security.
Members of the TracFone Mobile Device Security team are creative, motivated self-starters who share a common passion for helping to solve complex mobile device security problems. We are a diverse group of engineering and computer science personnel who firmly believe we can be a leader in mobile device security. We are looking for someone to develop innovative technologies that enable new capabilities in these areas to address existing and emerging company needs. We are a growing team and seek like-minded individuals who want to work on challenging problems in a fast-paced, supportive, and flexible environment.
- Manage mobile device penetration testing efforts across various products, platforms, and solutions from hardware and software architecture, systems, subsystems, applications, components, and interface levels
- Review, define, and improve TracFone mobile device security (Android, iOS) penetration testing plans
- Provide guidance and lead advancement of the TracFone mobile device security certification team
- Perform threat modeling and architectural risk analysis for mobile devices and applications as well as attack surface hardening, exploit mitigation, static & dynamic analysis, and reverse engineering
- Research and develop mobile security penetration tools and solutions for use by internal teams
- Conduct research to identify new attack vectors and proactive countermeasures for mobile devices (baseband, HLOS Android/iOS, applications, and services)
- Lead in ensuring maximum security per expectations is delivered on all products at Production
- Work closely with TracFone Sr. Products, Solutions, & Services development mobile device security team and with all handset manufacturers/OEMs to provide validation for TracFone products and sync on relevant findings
- Report on testing and hacking results of mobile device security certification team
- Identify and address issues of concern during mobile device security certification and penetration testing via effective collaboration with multiple teams
- Correlate pen-test findings to existing threat model to identify gaps and recommend improvements to processes
- Handle technical account management duties with handset manufacturers
- Provide subject matter expert (SME) support to internal (Mobile Device Security, Product Development Group, etc.) and external (handset manufacturers, chipset vendors, etc) parties
- Handle the rapidly increasing complexity of platforms & technologies
- Participate as the mobile device security technical expert in departmental and company projects/initiatives related to mobile device security penetration testing and applications
- Maintain expert knowledge in the field of mobile security penetration testing via extensive research and collaboration
- Provide technical white papers and presentations as a result of research & development efforts
- Provide training to MDS team internally on mobile device security penetration testing
- Bachelor’s Degree in Electrical Engineering, Computer Engineering, or Computer Science. Master’s Degree is a plus.
- 5+ years experience in:
- Hands-on experience in development and penetration testing of mobile device platforms (baseband, HLOS Android/iOS, applications, services), including via official/unofficial mobile security testing tool.
- Threat modeling and architectural risk analysis on mobile device platforms (baseband, HLOS Android/iOS, applications, services)
- Hands-on experience with software development in a mobile environment, with a focus in the following areas: kernel driver, hardware-software interface, mobile O/S and application development (Android, iOS), testing & troubleshooting in C, C++, Objective C, or Java
- Static and dynamic vulnerability analysis, reverse engineering, exploit mitigation, and attack surface hardening on mobile device platforms (baseband, HLOS Android/iOS, applications, services)
- Developing and improving processes for mobile device (Android, iOS) security penetration testing teams
- Hands-on experience with technical requirements gathering, verification/validation planning, compliance assessment and reporting.
- Working with pen-test plans to ensure they are in compliance with requirements and threat models
- Conducting research and development activities in order to further company and departmental initiatives
- Interfacing and collaborating with cross-functional teams via excellent written and verbal communication skills
- Expert knowledge of official and unofficial mobile device (Android, iOS) security penetration testing tools
- Expert knowledge in OWASP mobile risks and methodologies
- Good knowledge in defensive security constructs including digital signatures, encryption, firewalls, PKI, anti-debugging, AAA, key exchange, key entropy, software and hardware protection mechanisms, DRM, Trustzone
- Good knowledge of offensive security techniques including reverse engineering, digital forgery, encryption attacks, debugging, defeating anti-debugging, man in the middle attacks, logic flaws, hardware & software exploits preferred
- Certifications in CISSP, CISM, CISA, and/or CEH preferred
TracFone Wireless' formula for success is simple — exclusive focus on prepaid cell phones and service. Unlike most prepaid providers, TracFone Wireless does not require its customers to enter into a service contract. TracFone Wireless customers enjoy the freedom TracFone has to offer — No Bills, No Contracts, No Surprises — you are in control. Prepaid is all TracFone Wireless does and with over 23 million subscribers, TracFone Wireless does it better than anybody else.
TracFone Wireless believes that cell phone ownership is a right and an important tool for individual success in today's world. Everyone should have a cell phone without the need for a contract or a high credit rating. People should have the right to always know what their cell phone service will cost and no one should have to pay more than they want or can afford. TracFone Wireless believes in making the cost to own & maintain a cell phone as low as possible and TracFone Wireless never charges extra fees to activate your service.
TracFone Wireless is glad to lead the movement in the U.S. to make cell phone service available to everyone. TracFone Wireless invests hundreds of millions of dollars every year to reduce the prices of our cell phones and make them affordable for all.
Company Type: Public Company
Company Size: 501-1000