Sr. Product Security Engineer

Raya
Orange, CA
April 12th, 2026

Raya is a technology company that operates an exclusive, membership-based social network, comprising two primary applications. The Raya application facilitates social networking, emphasizing connections among individuals within creative industries, and requires a selective application process. Raya App, Inc., also offers "Places," a travel application that provides curated destination recommendations. Both applications underscore the company's focus on fostering private online communities and upholding values such as trust, respect, and privacy.

We are seeking a highly skilled and experienced Senior Product Security Engineer to lead our efforts, particularly in securing our Apple mobile iOS application and its related infrastructure. This role will be pivotal in embedding security best practices throughout the software development lifecycle, from design to deployment, with a specific focus on our iOS app. The ideal candidate will possess a strong technical background in mobile security, excellent leadership abilities, and a proactive approach to identifying and mitigating security risks within the mobile ecosystem.

This position will report directly to the Head of Information Security and act as the technical lead of our Green Security Team, but will not have any direct reports.

Responsibilities

- iOS App Security Architecture & Design: Eventually lead the security review of iOS application architecture and design, ensuring security is built in from the ground up
- Code Review and Static/Dynamic Analysis: Conduct security-focused code reviews for the iOS application, and implement/manage static and dynamic application security testing (SAST/DAST) tools
- Vulnerability Management (Backend/Mobile): Oversee the identification, assessment, and remediation of vulnerabilities within the iOS application and its supporting infrastructure
- Threat Modeling: Perform threat modeling for new features and existing components of the iOS application and its backend services
- Secure Development Lifecycle (SDL): Drive the adoption and enforcement of secure development practices within the mobile engineering teams
- API Security: Ensure the security of APIs consumed and exposed by the iOS application
- Cloud Security for Mobile Backend: Manage and refine cloud IAM roles and permissions for the mobile app's backend infrastructure to enforce the principle of least privilege and improve our cloud security posture
- Incident Response (Mobile): Support incident response activities related to the iOS application, including investigation and remediation
- Security Tooling: Evaluate, implement, and manage security tools relevant to mobile application security
- Security Training & Awareness: Provide guidance and training to mobile developers on secure coding practices
- Reporting: Report directly to the Head of Information Security on the security posture of the iOS application and related infrastructure

Qualifications

- 8+ years of experience in a security role with a strong focus on application security
- 5+ years of experience in a product security engineering role with a strong focus on mobile (iOS) application security
- Extensive experience with secure coding principles, mobile security frameworks, and common mobile vulnerabilities (e.g., OWASP Mobile Top 10)
- Strong understanding of iOS platform security features and best practices
- Proficiency in NodeJS with a minimum of 5 years of NodeJS experience, and experience with NodeJS backend mobile development tools and environments
- 3+ years of experience with cloud security principles and cloud IAM (e.g., AWS IAM, Cloud Connectivity) as it relates to mobile backend infrastructure
- Experience with static and dynamic application security testing (SAST/DAST) tools for mobile applications
- Excellent analytical, problem-solving, and troubleshooting skills
- 2+ years of experience in a senior or lead security engineer role
- Strong proficiency with AI coding platforms like Claude Code, Copilot, etc.
- Strong leadership and communication skills, with the ability to influence and collaborate across engineering teams
- Ability to prioritize tasks and manage projects effectively in a fast-paced environment
- Experience with scripting and automation (e.g., Python, Bash) for security tasks
- Experience with GitHub Actions
- Experience with DevSecOps and CI/CD SCA tools

Preferred Qualifications

- Experience with mobile penetration testing
- Relevant security certifications (e.g., CISSP, CSSLP, GIAC Mobile Device Security)
- Experience with integrating security into CI/CD pipelines for mobile applications
- Experience with securing Artificial Intelligence within a mobile product
- Basic experience with Python 3.11+ for general scripting and integrations
- Swift programming experience; if you don't know it, you will be expected to learn it in your first year

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans.
If you would like more information about how your data is processed, please contact us.