Application Security Engineer


Bangalore, IN
  • Job Type: Full-Time
  • Function: IT
  • Post Date: 04/06/2021
  • Website:
  • Company Address: 415 East Middlefield Road, Mountain View, CA, 94043

About MobileIron

MobileIron is redefining enterprise security with the industry’s first mobile-centric, zero trust platform built on the foundation of unified endpoint management (UEM) to secure access and protect data across the perimeter-less enterprise. Zero trust assumes that bad actors are already in the network and secure access is determined by a “never trust, always verify” approach. MobileIron goes beyond identity management and gateway approaches by utilizing a more comprehensive set of attributes before granting access. A mobile-centric, zero trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user.

Job Description

Industry leading brands who are defining the future of work, adopt MobileIron to secure access to the enterprise, through the world’s most ubiquitous product—the mobile device. We’ve created a single point of secure and frictionless access to the perimeter-less enterprise —from any device, managed by MobileIron, someone else, or not all.

Our mobile-centric, zero trust approach validates and verifies a comprehensive set of signals and the correlation between the user, device, applications, networks and potential threats before granting secure access to the device. Our zero trust platform is built on the foundation of our award-winning and industry-leading unified endpoint management (UEM) capabilities with enabling technologies of zero sign-on (ZSO) user and device authentication, multi-factor authentication (MFA), and mobile threat detection (MTD.) And we didn't stop there. We've gone beyond traditional UEM, identity and gateway solutions, to bring together mobile, security and the way people want to work—so you can free your people to be productive without limits and passwords.

MobileIron. The center of enterprise security

Recognized by Gartner as a leader in eight UEM MQs and recently noted by Forbes as one of the “Top 10 Cybersecurity Companies To Watch In 2020”

What you’ll be doing…

As an Application Security Engineer, you will work with multiple highly skilled development teams to improve and execute Mobileiron’s Secure Development Life Cycle to provide secure products and solutions to Mobileiron and our clients. Acting as a subject matter expert, you will be responsible for providing secure coding best practices and guidance to development teams while also working to enable tools and capabilities that support Mobileiron’s SDLC processes. You will collaborate closely with the Security Architecture & Engineering team to optimize the technical capabilities of our application security assessment tools to provide reliable automated testing solutions.

Key Qualifications

  • 5+ years of experience in web application security, SSDLC, Threat Modeling
  • Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
  • Ability to triage, reproduce, recommend remediations and implement fixes for vulnerabilities
  • Passion for understanding and researching vulnerabilities and exploitation techniques
  • Knowledge of development and integration tools and technologies (e.g. CI/CD)
  • Knowledge of test automation frameworks and how they can be brought to bear for security QE
  • Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc)
  • Ability to work in a self directed environment that is highly collaborative and cross functional
  • Educate application developers to enhance quality of security in the code
  • Programming experience with Java web application & Python
  • Knowledgeable regarding backend security topics such as secret management and service authentication
  • Perform penetration tests and coordinate third-party vendor Pen Tests
  • Rating the severity of defects and publishing comprehensive reports detailing associated risks and mitigations

Who you are

  • Innate curiosity and ability to learn. Individuals should be confident in picking up new technologies and pivoting when the role requires, given the fast-paced agile development environment we support.
  • Critical thinking and troubleshooting are paramount. Practical, creative solutions to difficult problems are key.
  • Passion for security. We’re looking for people who genuinely care about working to create a secure product with modern, agile facing practices.

You are an ideal candidate if you have

  • B.S. Computer Science or similar combination of education and experience
  • Deep software development experience (Java, iOS and Android APIs, Web, Python)
  • Good communication skills
  • Have an excellent working knowledge and ability to educate others on common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
  • Have experience in web, database, information and/or infrastructure security
  • Know and love learning about the latest security tools, infrastructure, and industry best practices
  • Enjoy working across and being a resource for other engineers and sharing your knowledge of secure coding practices
  • Experience in authentication and authorization: SAML, OAuth, LDAP, AD, etc
  • Sound understanding of app security vulnerabilities, defense techniques and security best practices, including language-specific security measures and present-day threats

Related Jobs

Staff Software Engineer

MobileIron - Bangalore, IN

Staff Software Engineer - DevOps

MobileIron - Bangalore, IN

Staff Software Engineer- MacOS/iOS

MobileIron - Bangalore, IN

Senior Software Development Engineer in Test - IOS/Android

MobileIron - Hyderabad, IN

Application Security Engineer

MobileIron - Bangalore, IN
Disclaimer: Local Candidates Only
This company does NOT accept candidates from outside recruiting firms. Agency contacts are not welcome.