Mobile Application Security Engineer - Open to flexible & hybrid working
Mobile Application Security Engineer
Lloyds Banking Group
London based (required in the office 1-3 days per week with the rest from home, we are comfortable with you living anywhere in the UK as long as you are able to commute to the office as required under your own cost)
Salary & Benefits: £57,861 to £90,137 (depending on experience) base salary, plus annual personal bonus, 15% employer pension contribution (when you put in 6%), 4% flexible cash pot, private medical insurance, 30 days holiday plus bank holidays.
At Lloyds we are motivated by a clear purpose: to help Britain prosper. Our goals are broad and bold: we want to use digital to support people buying their first home, help them save for the future and support businesses to start up and grow. We will do so by tackling social disadvantage in England and championing Britain's diversity at the same time.
Do you want to grab a unique professional opportunity to drive product excellence and digital cultural change?
We are looking for an experienced Mobile Security Engineer that is passionate in Mobile Application Security, Cryptography and code: this role is part of the Digital Platform and Releases Lab.
Here is where our teams shape and build the capabilities that Lloyds Banking needs to empower our Customers with state-of-the-art digital products. Using customer-centric design driven methodologies, we aspire to build experiences allowing our Customers to do banking on their terms. Some examples of what we do are native Mobile App UI components, Mobile App Security frameworks and components, Mobile SDKs, efficient E2E Delivery pipelines.
This role will be pivotal in building, delivering, and driving the security of our mobile platform.
The key aspect of this role is the design and delivery of a world-class security framework, including associated services (penetration testing, obfuscation, etc.). These capabilities will enable our commercially and service-minded colleagues to build their own propositions autonomously, focusing on building the best experience for our Customers whilst using enterprise standard components.
Examples of specific activities might include;
- You will be comfortable at evangelising and influencing feature teams in adopting security patterns
- You will demonstrate compliance with Bank policies and standards
- You will identify, review, evaluate and mitigate potential risks ensuring adherence to relevant security patterns and frameworks or to ensure compliance with internal/external regulations
- You will take ownership of specific security problems and deliver customer focused outcomes
- You are a team player, can build relationships and work productively with other teams across a variety of domains
- You are an adaptable and quick learner, absorbing information to keep pace with a changing landscape
- You enjoy contributing to the success of your team through close collaboration and communication
- You want to work on applications that have millions of active users, and regularly deliver new features into their hands
What do you need in order to apply & be considered?
We like to see applications from diverse industry and role backgrounds, however as a minimum to be seriously considered you will need;
- Hands-on experience of Mobile platform security, threat models and mitigation techniques
- Experience in pen-testing specifically for Mobile
- Demonstrable systematic and analytical approach to problem solving with the ability to resolve specific security issues or events
- You have a proactive and positive attitude towards identifying continuous improvement and supporting change and new ways of working
- You have a good understanding of cryptography and you can provide calculated recommendations about using the right ciphers, modes, key lengths, hashing algorithms, etc. adequate to mitigate security risks without impacting application performances
We have a wide range of desirable experience, however please apply if you have the above core skills. If you have the below that would be a bonus!
- You have a general awareness of the types of new technologies emerging in the security landscape along with a high level understanding of Cloud technology
- Excellent knowledge and understanding of Mobile security testing methodology
- You are quite comfortable using the following tools: Hopper Disassembler, Radare, IDA Pro, Jeb, Jadx, Burp Suite Pro, Xcode, Android Studio, ADB, Apktool, YARA, Frida, Objection, Cycript, Theos, Cydia Substrate
- You have good knowledge of DevSecOps tooling and automation frameworks
- Background or hands-on knowledge in Mobile development
- A passion for any of the mobile platforms and a keen interest in upcoming changes in the mobile operating systems, the tools and APIs such as security libraries
- You can read and write assembly code (ARM/ARM64)
We're focused on creating a values-led culture, and our approach to inclusion and diversity means that we all have the opportunity to make a real difference, together.
So if you have the skills, background and outlook we're seeking and this opportunity appeals then get in touch, we'd love to hear from you...
Together, we make it possible!