We connect consumers to their money — through leading-edge mobile banking, payments and commerce solutions. We’re the mobile development engine of FIS — the largest, Fortune 500, global Fintech company — powering over 1,400 banking apps and 30 million mobile users. Our solution is branded by our customers — banks and retailers — so you might not have heard of us. But, if you’ve used a banking app, you’re most likely using FIS Mobile software.
Join us in setting the standard in mobile financial services. The top concern of mobile banking users is security; the role of Lead Mobile Security Engineer is to ensure that our solution can consistently keep our users safe through enterprise-grade security. This position will help lead the effort to analyze and remedy security issues around our mobile, web, and server software applications, as well as internal and external supporting tools. This role is responsible for supporting the team through the security development lifecycle by developing best practices, performing scans, managing escalations, designing and implementing security measures, providing supporting documentation, and driving security-related capabilities and tooling.
- Serve as expert responsible for tracking, remediating and preparing action plans regarding security concerns
- Maintain security roadmaps on security state and top risks across products
- Try to break our systems and APIs to ensure that no one else can
- Perform internal scans, evaluate third party scans, and analyze results
- Conduct security reviews of application architectures to assess technical and business risk, identify threats and vulnerabilities, and propose solutions
- Analyze and replicate attacks using advanced industry tools
- Participate in software design process to identify threat models and perform design and code reviews
- Work hands-on to improve and extend our security frameworks
- Understand and evangelize industry best practices, and drive internal awareness sessions and workshops
- Keep up to date on latest attack trends and methods, particularly those concerning mobile and web applications
- Develop test plans for security verification and assist development teams with security testing methodologies and tools
- 10+ years of software engineering experience
- 4+ years of professional software security experience
- 2+ years of experience in application security architecture and design
- Understanding of security concepts of Internet technologies, architectures, and protocols: browsers, cookies, web servers, proxies, firewalls, sockets, TCP/IP, SSL, PKI, X509, SAML, and OAuth
- Proven understanding of Cryptography and Java Security APIs
- Proficiency in Enterprise Java application architectures and broad knowledge of security-related OSS libraries, such as Spring Security
- In-depth and hands-on experience with application servers and web service standards and technologies (REST / JAX-RS, SOAP)
- Understanding of static code analysis tools such as Fortify
- Awareness of standards relevant to the software industry (e.g. ISO, CMM, Six Sigma)
- BS/BA in Computer Engineering, Computer Science or equivalent combination of education and experience
- Outstanding verbal and written communication skills, as well as excellent analytical, decision-making, problem-solving, organizational and time management skills
- Experience with securing iOS or Android apps or experience working in the Finance Industry a plus
Expert/lead role. Has team leadership duties, including instructing, assigning and checking the work of other Software Engineers. Assists in planning, organizing and controlling the activities of the team. Coordinates the activities of the team with other IT teams and the product management team. Specialized depth and/or breadth of skills, experience and proficiency. Acts as expert technical resource to software engineering staff in the development, testing and implementation processes. Frequently acts as a Project Leader. Receives general direction from management. Assists in all levels of supervision and may perform management functions in the absence of the Manager or may act as Project Manager for major projects. Does not have hire, fire, performance coaching/development authority.