Mobile Security Engineer

At OneSpan we are looking for a Security Analyst (Android / iOS) to join our team in Noida. In this role, you will contribute to the research, development, and validation of advanced mobile security protections within our Android and iOS SDKs. You will work on identifying attack techniques, designing and implementing new countermeasures, analyzing bypass attempts, and continuously strengthening the Runtime Application Self-Protection (RASP) capabilities of our mobile security platform, collaborating closely with our engineering and security research teams.

·         Research, design, develop, and validate mobile security countermeasures for Android and iOS applications.

·         Analyze Android and iOS applications to identify security weaknesses, attack vectors, and potential bypass techniques against mobile protections.

·         Perform reverse engineering of mobile applications, malware samples, and security tools to understand attacker techniques and improve defensive capabilities.

·         Develop and enhance Runtime Application Self-Protection (RASP) mechanisms such as anti-debugging, anti-instrumentation, anti-tampering, anti-hooking, and environment integrity checks.

·         Research and reproduce real-world attacks such as hooking, dynamic instrumentation, tampering, and runtime manipulation against protected applications.

·         Prototype, implement, and evaluate new detection techniques in native and platform-specific code (C/C++, Kotlin, Swift, Objective-C).

·         Use reverse engineering and dynamic analysis tools to assess the effectiveness of protection mechanisms and identify potential bypasses.

·         Support the design, architecture, and continuous improvement of our Android and iOS mobile security SDKs.

·         Research and monitor the Indian mobile banking and fintech regulatory landscape (including RBI guidelines and CERT-In requirements) to identify emerging threats and inform the team's research direction for the region.

·         Engage independently with enterprise customers in the region during technical discussions, able to defend product decisions and countermeasure design without requiring real-time support from the Europe-based team.

·         Document research findings, attack techniques, and defensive approaches, contributing to internal security knowledge and threat intelligence.

·         Participate in technical discussions, security research initiatives, and product roadmap decisions.

Who are you? There is no set route to become part of Build38. But to be successful in this role, this is the kind of profile we have in mind:

·         Between 5-12 years of experience in application security, mobile security, reverse engineering, or penetration testing.

·         Strong understanding of Android and/or iOS application security.

·         Experience performing reverse engineering of mobile applications.

·         Familiarity with dynamic instrumentation and runtime analysis techniques.

·         Experience using reverse engineering tools such as IDA Pro, Ghidra, JEB, or JADX.

·         Experience with dynamic analysis or instrumentation tools such as Frida, GDB, LLDB, or similar.

·         Experience developing RASP countermeasures for Android and/or iOS, or at least performing technical analysis and evaluation of mobile RASP protections.

·         Ability to analyze compiled code and understand low-level behavior.

·         Ability to communicate (verbally and writing) in English.

·         Ability to make recommendations and decisions independently.

·         Familiarity with the Indian banking/fintech regulatory environment and its implications for mobile application security.

·         Nice to have:

o Experience analyzing mobile malware.
o Experience in penetration testing environments or security evaluation laboratories.
o Knowledge of Android internals (ART, system APIs, root environments) or iOS security mechanisms.
o Experience with native code analysis (C/C++).
o Interest in mobile application protection technologies such as obfuscation, anti-tampering, and RASP.
o Experience with Git.
o Experience with CI/CD pipelines.
o Knowledge of the Unix/Linux command line / shell.
o Experience with Agile/Scrum best practices.
o Analytical thinking and problem-solving attitude.
o Strong interest in security research and continuous learning.

#LI-Onsite
#LI-LS1