Sr. Product Security Engineer

Los Angeles · Los Angeles Or Remote · Los Angeles · Los AngelesRemoteFull-timesenior

SecurityProduct Security EngineerCybersecurity

0 views0 saves0 applied

Apply Now

Quick Summary

Overview

Raya is a technology company that operates an exclusive, membership-based social network, comprising two primary applications. The Raya application facilitates social networking,

Technical Tools

SecurityProduct Security EngineerCybersecurity

Raya is a technology company that operates an exclusive, membership-based social network, comprising two primary applications. The Raya application facilitates social networking, emphasizing connections among individuals within creative industries, and requires a selective application process. Raya App, Inc., also offers "Places," a travel application that provides curated destination recommendations. Both applications underscore the company's focus on fostering private online communities and upholding values such as trust, respect, and privacy.

We are seeking a highly skilled and experienced Senior Product Security Engineer to lead our efforts particularly in securing our Apple mobile iOS application and its related infrastructure. This role will be pivotal in embedding security best practices throughout the software development lifecycle, from design to deployment, with a specific focus on our iOS app. The ideal candidate will possess a strong technical background in mobile security, excellent leadership abilities, and a proactive approach to identifying and mitigating security risks within the mobile ecosystem. This position will report directly to the Head of Information Security, and act as the technical lead of our Green Security Team, but not have any direct reports.

iOS App Security Architecture & Design: Eventually lead the security review of iOS application architecture and design, ensuring security is built-in from the ground up.

Code Review and Static/Dynamic Analysis: Conduct security-focused code reviews for the iOS application, and implement/manage static and dynamic application security testing (SAST/DAST) tools.

Vulnerability Management (Backend/Mobile): Oversee the identification, assessment, and remediation of vulnerabilities within the iOS application and its supporting infrastructure.

Threat Modeling: Perform threat modeling for new features and existing components of the iOS application and its backend services.

Secure Development Lifecycle (SDL): Drive the adoption and enforcement of secure development practices within the mobile engineering teams.

API Security: Ensure the security of APIs consumed and exposed by the iOS application.

Cloud Security for Mobile Backend: Manage and refine cloud IAM roles and permissions for the mobile app's backend infrastructure to enforce the principle of least privilege and improve our cloud security posture.

Incident Response (Mobile): Support incident response activities related to the iOS application, including investigation and remediation.

Security Tooling: Evaluate, implement, and manage security tools relevant to mobile application security.

Security Training & Awareness: Provide guidance and training to mobile developers on secure coding practices.

Reporting: Report directly to the Head of Information Security on the security posture of the iOS application and related infrastructure.

8+ years of experience in a security role with a strong focus on application security.

5+ years of experience in a product security engineering role with a strong focus on mobile (iOS) application security.

Extensive experience with secure coding principles, mobile security frameworks, and common mobile vulnerabilities (e.g., OWASP Mobile Top 10).

Strong understanding of iOS platform security features and best practices.

Proficiency in NodeJS with a minimum of 5 years of NodeJS experience, and experience with NodeJS backend mobile development tools and environments.

3+ years of experience with cloud security principles and cloud IAM (e.g., AWS IAM, Cloud Connectivity) as it relates to mobile backend infrastructure.

Experience with static and dynamic application security testing (SAST/DAST) tools for mobile applications.

Excellent analytical, problem-solving, and troubleshooting skills.

2+ years of experience in a senior or lead security engineer role.

Strong proficiency of AI coding platforms like Claude Code, Copilot, etc.

Strong leadership and communication skills, with the ability to influence and collaborate across engineering teams.

Ability to prioritize tasks and manage projects effectively in a fast-paced environment.

Experience with scripting and automation (e.g., Python, Bash) for security tasks.

Experience with GitHub Actions.

Experience with DevSecOps and CICD SCA tools.

Experience with mobile penetration testing.

Relevant security certifications (e.g., CISSP, CSSLP, GIAC Mobile Device Security).

Experience with integrating security into CI/CD pipelines for mobile applications.