Mobile Security Engineer

OneSpan

Barcelona, Spain

In this role, you will contribute to the research, analysis, and validation of advanced mobile security protections within our Android and iOS SDKs. You will work on identifying attack techniques, analyzing bypass attempts, and strengthening the Runtime Application Self-Protection (RASP) capabilities of our mobile security platform, collaborating closely with our engineering and security research teams.

Job Duties and Responsibilities

Analyze Android and iOS applications to identify security weaknesses, attack vectors, and potential bypass techniques against mobile protections.
Perform reverse engineering of mobile applications and malware samples to understand attacker techniques and improve detection capabilities.
Research and reproduce real-world attacks such as hooking, dynamic instrumentation, tampering, and runtime manipulation against protected applications.
Support the design, validation, and continuous improvement of our mobile security SDK, which provides Runtime Application Self-Protection (RASP) for Android and iOS applications.
Use reverse engineering and dynamic analysis tools to evaluate the effectiveness of protection mechanisms and identify potential bypasses.
Collaborate with security engineers to design new detection mechanisms such as anti-debugging, anti-instrumentation, anti-tampering, and environment integrity checks.
Document research findings and contribute to internal security knowledge and threat intelligence.
Participate in the team’s life and contribute to technical discussions and decision-making.

Requirements

3+ years of experience in application security, mobile security, reverse engineering, or penetration testing.
Strong understanding of Android and/or iOS application security.
Experience performing reverse engineering of mobile applications.
Familiarity with dynamic instrumentation and runtime analysis techniques.
Experience using reverse engineering tools such as IDA Pro, Ghidra, JEB, or JADX.
Experience with dynamic analysis or instrumentation tools such as Frida, GDB, LLDB, or similar.
Ability to analyze compiled code and understand low-level behavior.
Ability to communicate (verbally and writing) in English.
Ability to make recommendations and decisions independently.
Great team player, comfortable working and collaborating with other team members to achieve common goals.

Nice to have:

Experience analyzing mobile malware.
Experience in penetration testing environments or security evaluation laboratories.
Knowledge of Android internals (ART, system APIs, root environments) or iOS security mechanisms.
Experience with native code analysis (C/C++).
Interest in mobile application protection technologies such as obfuscation, anti-tampering, and RASP.
Experience with Git.
Experience with CI/CD pipelines.
Knowledge of the Unix/Linux command line / shell.
Experience with Agile/Scrum best practices.
Analytical thinking and problem-solving attitude.
Strong interest in security research and continuous learning.