Senior iOS Mobile Security Specialist

Job Description

At Cream City Cyber, we understand the convergence of physical and digital risks and how they impact businesses and governments alike. Our battle-tested experts have been trusted advisors for decades, offering tailored security solutions to help clients navigate evolving landscapes. We strive to mitigate risks with confidence, enabling our partners to thrive in a connected world.

We are seeking a passionate and experienced iOS Mobile Security Specialist to join our team. This role emphasizes analyzing, designing, and maintaining secure mobile applications, with a strong focus on iOS security (Swift/Objective-C) and mobile security for the iOS ecosystem. The successful candidate will take on thorough security assessments and embed security best practices throughout the Software Development Life Cycle (SDLC). This is a unique opportunity to contribute to critical security measures that protect millions of users globally. If you are passionate about mobile security, thrive in dynamic environments, and are eager to shape the future of secure digital products, this role is for you!

Key Responsibilities

Security Analysis and Implementation

· Analyze and inspect mobile iOS applications to determine security position and remediations

· Conduct manual and automated code reviews to identify security flaws

· Implement and promote secure coding practices in mobile application development

· Help design and implement comprehensive security architectures for iOS apps

Security Testing and Compliance

• Perform threat modeling, identify vulnerabilities, and develop risk mitigation strategies

• Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) on mobile applications

• Conduct penetration tests to identify and exploit vulnerabilities in mobile applications

• Ensure compliance with standards such as OWASP Mobile Top 10, PCI DSS, NIST 800-53, etc.

• Ensure compliance with App Store and other regulatory requirements

Collaboration and Cross-Functional Teamwork

• Collaborate with cross-functional teams (designers, product managers, QA engineers, operations) to embed security throughout the SDLC

• Collaborate with development teams to ensure end-to-end encryption, authentication, and secure data storage are integral to mobile apps

• Collaborate with DevOps teams to automate vulnerability checks in CI/CD pipelines

• Participate in security audits and ensure adherence to security policies and industry standards

Incident Response and Continuous Improvement

• Monitor and respond to mobile security incidents, participating in incident response processes

• Manage the vulnerability lifecycle from discovery to remediation and monitoring

• Stay updated on emerging security threats and implement measures to protect mobile apps

• Implement secure data storage mechanisms, including local encryption and key management

• Ensure secure API integrations to prevent injection attacks and data breaches

• Help inform, develop, and enforce security policies, standards, and guidelines for mobile applications

Required Qualifications

· Bachelor’s degree in computer science, information security, or a related field, 5+ years in mobile application development

· Extensive experience in iOS application development using Swift/Objective-C, ideally also familiarity with the Android (Java/Kotlin) application stack.

· Proficiency in iOS frameworks (UIKit, Core Data)

· In-depth knowledge of mobile security vulnerabilities (OWASP Mobile Top 10) and remediation techniques

· Familiarity with mobile security testing tools (e.g., MobSF, Drozer, Burp Suite, OWASP ZAP)

· Strong understanding of cryptography principles, secure data storage, and key management

Preferred Qualifications

· Relevant security certifications (CISSP, CSSLP, CEH, GMOB)

· Experience with mobile reverse engineering tools such as Frida, Cycript, etc.

· Knowledge of App Store compliance requirements

· Familiarity with advanced encryption techniques and secure app distribution

Skills & Competencies

· Problem-Solving: Ability to think like an attacker, identify threats, and mitigation strategies

· Strong Communication: Capable of explaining complex security concepts to technical and non-technical stakeholders.

· Collaboration: Excellent working with cross-functional teams to achieve secure solutions

· Continuous Learning: Passionate about staying updated on the latest security trends

· Attention to Detail: Thorough in code reviews, architecture design, and security audits

Full-time