Overview
Remote
On Site
Full Time
Skills
Mobile Applications
JavaScript
Web Security
TLS
HTTPS
iOS Development
Android
Microsoft Windows
OS X
Linux
Generative Artificial Intelligence (AI)
Cryptography
Authentication
OAuth
Hardening
C
Rust
Kotlin
Swift
C#
Dynamic Testing
Penetration Testing
Software Development
Threat Modeling
Design Patterns
Management
Incident Management
Communication
Open Source
Storage
DRM
Software Security
Caching
Privacy
Reverse Engineering
Debugging
Security Architecture
Computer Science
Cyber Security
Job Details
Minimum Requirements
5+ years of experience in application or product security, with a track record of securing desktop and mobile applications.
Strong understanding of secure architecture for thick clients, including local storage protection, inter-process communication, JavaScript engines, OS-level security features, and web security standards (CSP, same-origin policy, TLS/HTTPS).
Experience with mobile (iOS/Android) and desktop (Windows/macOS/Linux) application security models.
Proficiency in GenAI security, modern cryptography, certificate management, secure authentication (OAuth, WebAuthn, FIDO2), and secure session handling.
Knowledge of OS-level hardening techniques, sandboxing, privilege separation, and secure use of platform APIs.
Hands-on experience with secure coding practices in at least one systems language (C++, Rust, Go) and one application language (Kotlin, Swift, C#).
Familiarity with static/dynamic analysis tools, fuzzing, penetration testing, and reverse engineering for client applications.
Experience embedding security into the software development lifecycle (threat modeling, code reviews, secure design patterns).
Ability to manage incident response and vulnerability remediation for thick client environments.
Strong cross-team communication skills and ability to write clear developer-facing security guidelines.
Preferred
Contributions to open-source client frameworks, SDKs, or application security tools.
Prior work with secure local storage, anti-tampering, DRM, or obfuscation in client software.
Familiarity with offline-first application security challenges (sync, caching, data persistence).
Experience with privacy-preserving client design, including minimizing telemetry and preventing data leakage.
Deep understanding of reverse engineering techniques and defenses (e.g., code obfuscation, anti-debugging, integrity checks).
Experience leading security architecture for a thick client application launch at scale.
Advanced degree (MS/PhD) in Computer Science, Cybersecurity, or related field.