Security Engineer, Mobile

Technology

Hyderabad, India (Main Office)

Permanent

Ready to apply?

Get started with your online application

Apply now

Why Deliveroo?

Our mission is to transform the way you shop and eat, bringing the neighbourhood to your door by connecting consumers, restaurants, shops and riders. We are transforming the way the world eats and shops by making access to food and products more convenient and enjoyable. We give people the opportunity to buy what they want, as they want it, as they want it.We are a technology-driven company at the forefront of the most expanding industry in the world. We are still a small team, making a very large impact, looking to answer some of the most interesting questions out there. We move fast, value autonomy and, we are always looking for new ideas.

As a Mobile Security Engineer, you will work with IT and engineering teams daily to ensure applications and products have been developed and deployed securely. There will be a constant need for you to get hands-on to identify or help resolve issues whilst looking at ways to lead automation and consistency in adopting a mature approach to security.

Reporting to the Head of Product Security, this hands-on technical role will work on a range of security projects. You will directly influence the security posture of many applications and products across the company to ensure that security plays an important part in the development and engineering life cycles.

 

What you'll do:

  • Be one of the central points of contact with the business with regards to mobile security.

  • Work with important partners to ensure that security is built into the design of our mobile applications across the business.

  • Promote mobile security and the adoption of advanced security controls and testing methodologies across the business..

  • Integrate and maintain important security controls and technologies for the Security team to support Mobile Security for all three sides of the Deliveroo marketplace.

  • Deliver security automation at scale throughout the company to ensure high speed, automated security testing throughout the delivery pipeline.

  • Analyse our mobile applications to identify important security risks, and recommend and guide security improvements using a risk-based approach.

  • Support vulnerability assessments and security testing.

  • Work with engineers to remediate vulnerabilities and writing fixes yourself.

  • Support the Security Risk Management function on security policies, security audits, vulnerability compliance, and risk management.

  • Work on the product security engagement plan, to educate engineers by scaling up security champions, implementing a framework for security best practice, threat modelling, and security input into design reviews.

 

Requirements

  • Minimum 4 years working as a Mobile Security Engineer with further hands-on experience in security (Such as application security).

  • Bachelor's degree in computer science or equivalent practical experience.

  • Security certifications such as CISSP, CEH, SANS, CREST, and OCSP.

  • Background or hands-on knowledge in Mobile development.

  • Experience of Mobile security pen testing methodologies.

  • Familiar with security reinforcement of mobile applications, experience in reverse analysis of client applications.

  • Master the common security vulnerabilities and solutions of the mobile client, and be familiar with the security testing and vulnerability detection.

  • Understanding of encryption and cryptographic protocols, including SSL / TLS, AES, and RSA.

  • Experience using the following tools: Hopper Disassembler, Radare, IDA Pro, Jeb, Jadx, Burp Suite Pro, Xcode, Android, Studio, ADB, Apktool, YARA, Frida, Objection, Cycript, Theos, Cydia Substrate, Magisk.

  • A passion for any of the mobile platforms and a interest in upcoming changes in the mobile operating systems, the tools and APIs such as security libraries.

  • Familiarity with multiple programming languages, especially: C, Java, Kotlin, Objective-C, Swift, Java-Script, Python, and Bash.

  • Familiarity with DevSecOps tooling, testing and automation frameworks.

  • Be able to perform mobile application security assessments to identify design and implementation flaws, potential vulnerabilities and threats.

  • Have general awareness of the types of new technologies emerging in the security landscape including the latest mobile security threats, trends, and technologies.

 

Preferred, but not required:

  • A mix of consulting and industry experience.

  • Experience with Bug bounty programmes.

 

 

Workplace & Benefits

At Deliveroo we know that people are the heart of the business and we prioritise their welfare. Benefits differ by country, but we offer many benefits in areas including healthcare, well-being, parental leave, pensions, and generous annual leave allowances, including time off to support a charitable cause of your choice. Benefits are country-specific, please ask your recruiter for more information.

Diversity

At Deliveroo, we believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest-growing businesses in a growing industry.

We are committed to diversity, equity and inclusion in all aspects of our hiring process. We recognise that you may require adjustments to apply for a position or fairly participate in the interview process. If you require any adjustments, please don't hesitate to let us know. We will make every effort to provide the necessary adjustments to ensure you have an equitable opportunity to succeed.

 

This role is based in our Hyderabad office.

Perks

A competitive and comprehensive compensation and benefits package

Time to recharge

  • 15 days of annual leave, 12 days of casual leave, and public holidays
  • One paid day off each year to volunteer or support a charity of your choice

Wellness

  • Headspace membership
  • Gym or fitness membership
  • Private medical, medical subsidy or Wellbeing Allowance, dependent upon location

Compensation

  • We pay every employee competitively for the role they are performing in their respective location
  • Most employees are eligible for a variable cash bonus that directly rewards individual contributions and is linked with broader company success

Work Life

  • Flexible working hours and location flexibility
  • Competitive Parental Leave Policy
  • Work-from-home kit
  • Employee Assistance Programme
  • Roolearn platform, giving you access to content from leading L&D providers
  • Employee Resource Groups including Women in Tech, Roo-LGBTQ+, Racial Equity and more