移动安全工程师

COCC delivers complete enterprise processing solutions to financial institutions throughout the northeastern United States. Listed among American Banker's FinTech 100 and the Inc. 5,000 fastest growing companies in the nation, COCC inspires the industry with innovation and top quality support. Designated as a Top Workplace in Connecticut, COCC recognizes employees as the core of our success! COCC offers a progressive training program to support employees in personal and professional development.

What we need… A Mobile Security Engineer to collaborate across development and security teams to identify, assess, and remediate vulnerabilities across the mobile application stack. This role combines mobile application development with the integration of security practices throughout the development lifecycle. Responsibilities include incorporating security tools and frameworks, conducting hands-on security testing, developing automation to streamline security processes, promoting secure coding practices, and ensuring mobile security aligns with broader enterprise-wide security strategies.

What’s in it for you… COCC offers a unique and collaborative experience as you grow your career with us and all of the benefits you’d expect from an award-winning employer plus:

• Hybrid schedules and ample paid time off allowing you work/life balance and flexibility
• Customized training and onboarding to support you in your first year at COCC
• Robust employee development programs aligned with career pathing objectives
• Cutting-edge training and educational resources from vendors like SANS, PluralSight and CBTNuggets
• Generous PTO offerings, benefits and competitive compensation
• On-site fitness centers, wellness incentives, and lifestyle spending accounts
• Tuition Reimbursement
• One-on-one career coaching
• DEIB initiatives championing inclusion and encouraging you to bring your whole self to work
• Financial planning assistance with certified professionals
• Peer recognition programs

What you’ll do… Collaborate across development and security teams to identify, assess, and remediate vulnerabilities across the mobile application stack
Incorporate security tools and frameworks to enhance resilience against attacks
Develop and maintain scripts, tools, and/or automation frameworks to streamline security testing and vulnerability detection within the development lifecycle
Champion secure coding practices (OWASP Mobile Top 10, etc.) while working as part of the development team to architect and implement secure, scalable enhancements
Leverage tools like Burp Suite, MobSF, Frida, or Drozer to perform mobile security testing
Collaborate with Security Architecture & Engineering to integrate network security controls into the mobile stack
Stay current with emerging threats, vulnerabilities, and security technologies relevant to mobile platforms

What you’ll bring… Bachelor’s degree in Computer Science, Cybersecurity, IT, Software Development or related field (or equivalent experience)
4+ years of experience in mobile application security, including hands-on security and vulnerability testing
2+ years of experience in mobile application development (iOS and/or Android) with proficiency in Swift, Objective-C, Kotlin, and/or Java
Experience with mobile security testing tools (DAST) such as MobSF, Burp Suite, Frida, or Postman
Experience with mobile security testing tools (SAST) such as Checkmarx, Fortify, or SonarQube
Familiarity with CI/CD pipelines and DevSecOps practices
Strong communication to articulate technical security concepts to non-technical stakeholders
Certifications such as GMOB, GSEC, OSCP or commensurate experience preferred

The salary range for this position is $110000 - 155000 annually

Bachelor’s degree in Computer Science, Cybersecurity, IT, Software Development or related field (or equivalent experience)
4+ years of experience in mobile application security, including hands-on security and vulnerability testing
2+ years of experience in mobile application development (iOS and/or Android) with proficiency in Swift, Objective-C, Kotlin, and/or Java
Experience with mobile security testing tools (DAST) such as MobSF, Burp Suite, Frida, or Postman
Experience with mobile security testing tools (SAST) such as Checkmarx, Fortify, or SonarQube
Familiarity with CI/CD pipelines and DevSecOps practices
Strong communication to articulate technical security concepts to non-technical stakeholders
Certifications such as GMOB, GSEC, OSCP or commensurate experience preferred

Hybrid schedules and ample paid time off allowing you work/life balance and flexibility
Customized training and onboarding to support you in your first year at COCC
Robust employee development programs aligned with career pathing objectives
Cutting-edge training and educational resources from vendors like SANS, PluralSight and CBTNuggets
Generous PTO offerings, benefits and competitive compensation
On-site fitness centers, wellness incentives, and lifestyle spending accounts
Tuition Reimbursement
One-on-one career coaching
DEIB initiatives championing inclusion and encouraging you to bring your whole self to work
Financial planning assistance with certified professionals
Peer recognition programs

COCC delivers complete enterprise processing solutions to financial institutions throughout the northeastern United States. Listed among American Banker's FinTech 100 and the Inc. 5,000 fastest growing companies in the nation, COCC inspires the industry with innovation and top quality support. Designated as a Top Workplace in Connecticut, COCC recognizes employees as the core of our success! COCC offers a progressive training program to support employees in personal and professional development.