Mobile Device Vulnerability Engineer

W2 ONLY - NO CORP TO CORP - NO VISA TRANSFER/SPONSORSHIP - NO 3RD PARTY CANDIDATES

The Mobile Device Vulnerability Management C Configuration Compliance Engineer will partner with internal stakeholders to design, validate, and operationalize an automated mobile device vulnerability scanning and configuration compliance capability across enterprise-issued mobile endpoints (iOS/iPadOS and Android). This role leads proof-of-technology (PoT) activities including tool evaluation, architecture validation, security controls mapping, and pilot execution, and drives full-scale implementation through integration with other security tools such as MDM, SIEM/SOAR, ITSM, and asset inventory/CMDB systems.

The engineer will establish and maintain mobile vulnerability management processes aligned to corporate and regulatory requirements, develop continuous compliance and policy enforcement strategies, implement risk-based remediation workflows, and deliver measurable improvements in mobile endpoint security posture.

• Define PoT scope, success criteria, and test plans for automated mobile vulnerability scanning (e.g., agent-based/agentless, MDM-integrated, API-driven).
• Evaluate candidate tools for: coverage (OS/app/cert/profile), detection accuracy, scalability, device impact, privacy controls, and reporting fidelity.
• vulnerability detection capabilities (OS versions, CVEs, patch levels, risky apps)
• configuration compliance checks (encryption, jailbreak/root, screen lock, OS hardening)
• integration readiness (Intune/Workspace ONE/Jamf; SIEM; ITSM; CMDB)
• Produce PoT outcomes: findings, risk analysis, cost/benefit, architecture decision record, and go/no-go recommendation.
• Coordinate with Info Sec and Compliance teams to ensure SaaS platform posture aligns with regulatory requirements (NYDFS).
• Build and run mobile vulnerability lifecycle processes: discovery, assessment, prioritization, remediation, validation, reporting.
• Establish severity/risk scoring tuned for mobile (exposure, device role, app risk, compliance impact).
• Coordinate remediation with endpoint engineering, mobility admins, app owners, and operations teams.
• Validate remediation effectiveness using scanner re-runs, policy compliance, and audit evidence.
• Develop, deploy, and continuously improve baseline security configurations for iOS/iPadOS and Android.
• Translate requirements into enforceable policies (password/biometrics, encryption, OS update controls, app controls, certificate/profile constraints, VPN/Wi-Fi security, logging settings).
• Implement compliance monitoring and drift detection; drive automated or semi-automated corrective actions.
• Build automation scripts and APIs to normalize and enrich findings.
• Support change management and communications for new controls impacting device behavior and user experience.
• Provide technical guidance and training to operations teams for ongoing support.

• Mobile OS security fundamentals: iOS/iPadOS and Android security models, patching, permissions, app ecosystems, jailbreak/root detection concepts.
• Vulnerability management expertise: CVE/patch lifecycle, risk-based prioritization, SLAs, validation, metrics.
• Configuration compliance: baseline hardening, policy enforcement, continuous compliance monitoring, and drift remediation.
• Mobility Scanning Tool Experience (hands-on):
  Qualys Mobile VMDR, Lookout, Workspace One + Microsoft Threat Defense, or equivalent.
• MDM experience (hands-on):
  Microsoft Intune, Omnissa Workspace ONE, Jamf Pro, or equivalent.
• Enterprise integration skills: API integration, data normalization, and automation with SIEM/SOAR/ITSM (e.g., Splunk, Sentinel, QRadar; XSOAR, Sentinel SOAR; Service Now).
• Identity C access: conditional access concepts, device compliance states, SSO, certificates, MFA, posture-based access controls.
• Scripting/automation:
  Power Shell and/or Python; familiarity with REST APIs, JSON, OAuth, and secrets management.
• Security documentation: ability to author PoT plans, architecture diagrams, operational runbooks, and audit evidence.
• Excellent documentation and stakeholder management skills.
• Strong analytical and problem-solving skills.
• Excellent communication and stakeholder management skills; experience presenting PoT results and recommendations.
• Ability to work independently and across multifunctional teams.
• Detail-oriented with a focus on process improvement and operational excellence.
• Ability to manage multiple work streams (pilot + integration + operations) with minimal supervision.
• Familiarity with NIST, CIS Benchmarks, DISA STIG (mobile), ISO 27001 control mapping, or similar frameworks.

or equivalent practical experience.

• CompTIA Security+, CySA+
• GIAC: GSEC, GMON, or related (if available/appropriate)
• Qualys/Rapid7/Tenable (or equivalent vulnerability platform certifications where relevant)
• Governance / Risk / Architecture (bonus)
• CISSP, CISM,CCSP
• ITIL Foundation (for ITSM integration and operations maturity)

• 5 – 8+ years in…