Himalayas logo
RayaRA

Sr. Product Security Engineer

Raya is a private, membership-based community connecting people globally.

Raya

Employee count: 51-200

United States only

Stay safe on Himalayas

Never send money to companies. Jobs on Himalayas will never require payment from applicants.

Raya is a technology company that operates an exclusive, membership-based social network, comprising two primary applications. The Raya application facilitates social networking, emphasizing connections among individuals within creative industries, and requires a selective application process. Raya App, Inc., also offers "Places," a travel application that provides curated destination recommendations. Both applications underscore the company's focus on fostering private online communities and upholding values such as trust, respect, and privacy.
We are seeking a highly skilled and experienced Senior Product Security Engineer to lead our efforts particularly in securing our Apple mobile iOS application and its related infrastructure. This role will be pivotal in embedding security best practices throughout the software development lifecycle, from design to deployment, with a specific focus on our iOS app. The ideal candidate will possess a strong technical background in mobile security, excellent leadership abilities, and a proactive approach to identifying and mitigating security risks within the mobile ecosystem. This position will report directly to the Head of Information Security, and act as the technical lead of our Green Security Team, but not have and direct reports.

Responsibilities

  • iOS App Security Architecture & Design: Lead the security review of iOS application architecture and design, ensuring security is built-in from the ground up.
  • Code Review and Static/Dynamic Analysis: Conduct security-focused code reviews for the iOS application, and implement/manage static and dynamic application security testing (SAST/DAST) tools.
  • Vulnerability Management (Mobile): Oversee the identification, assessment, and remediation of vulnerabilities within the iOS application and its supporting infrastructure.
  • Threat Modeling: Perform threat modeling for new features and existing components of the iOS application and its backend services.
  • Secure Development Lifecycle (SDL): Drive the adoption and enforcement of secure development practices within the mobile engineering teams.
  • API Security: Ensure the security of APIs consumed and exposed by the iOS application.
  • Cloud Security for Mobile Backend: Manage and refine cloud IAM roles and permissions for the mobile app's backend infrastructure to enforce the principle of least privilege and improve our cloud security posture.
  • Incident Response (Mobile): Support incident response activities related to the iOS application, including investigation and remediation.
  • Security Tooling: Evaluate, implement, and manage security tools relevant to mobile application security.
  • Security Training & Awareness: Provide guidance and training to mobile developers on secure coding practices.
  • Reporting: Report directly to the Head of Information Security on the security posture of the iOS application and related infrastructure.

Qualifications

  • 8+ years of experience in a security role with a strong focus on application security.
  • 5+ years of experience in a product security engineering role with a strong focus on mobile (iOS) application security.
  • Extensive experience with secure coding principles, mobile security frameworks, and common mobile vulnerabilities (e.g., OWASP Mobile Top 10).
  • Strong understanding of iOS platform security features and best practices.
  • Proficiency in Swift/Objective-C with a minimum of 3 years of Swift experience, and experience with mobile development tools and environments.
  • Proficiency in NodeJS with a minimum of 3 years of NodeJS experience, and experience with NodeJS backend mobile development tools and environments.
  • 3+ years of experience with cloud security principles and cloud IAM (e.g., AWS IAM, Cloud Connectivity) as it relates to mobile backend infrastructure.
  • Experience with static and dynamic application security testing (SAST/DAST) tools for mobile applications.
  • Excellent analytical, problem-solving, and troubleshooting skills.
  • 2+ years of experience in a senior or lead security engineer role.
  • Strong proficiency of AI coding platforms like Claude Code, Copilot, etc.
  • Strong leadership and communication skills, with the ability to influence and collaborate across engineering teams.
  • Ability to prioritize tasks and manage projects effectively in a fast-paced environment.
  • Experience with scripting and automation (e.g., Python, Bash) for security tasks.
  • Experience with GitHub Actions.
  • Experience with DevSecOps and CICD SCA tools.

Preferred Qualifications

  • Experience with mobile penetration testing.
  • Relevant security certifications (e.g., CISSP, CSSLP, GIAC Mobile Device Security).
  • Experience with integrating security into CI/CD pipelines for mobile applications.
  • Experience with securing Artificial Intelligence within a mobile product
  • Basic experience with Python3.11+ for general scripting and integrations.

About the job

Apply before

Posted on

Job type

Full Time

Experience level

Senior

Location requirements

United States

Hiring timezones

United States +/- 0 hours

Job categories

SecurityProduct Security EngineerSenior Security EngineerSenior Principal Security EngineerSenior Security Engineering ManagerSenior Cybersecurity EngineerSenior Cloud Security Software Engineer

Skills

SwiftObjective CNodeJSPythonBASHiOSAWS IAMSASTDASTThreat ModelingAPI SecurityGitHub ActionsDevSecOpsDynamicGitHubRefineSDL

About Raya

Learn more about Raya and their company culture.

View company profile

Raya is a private, membership based community for people all over the world to connect and collaborate. The platform provides a space for individuals from diverse backgrounds to come together, share experiences, and develop relationships that transcend geographical barriers. As a membership community, Raya curates its members to foster genuine interactions and meaningful connections, creating a supportive environment for personal and professional growth.

With an emphasis on collaboration, Raya encourages its members to engage in various projects and initiatives that promote collective creativity and innovation. The community thrives on the idea that by bringing together diverse perspectives and skills, members can achieve greater success and fulfillment in their endeavors. Whether it's through networking opportunities, workshops, or social events, Raya is dedicated to facilitating connections that empower its members and enrich their lives.

Claim this profileRaya logoRA

Raya

Company size

51-200 employees

Founded in

2014

Chief executive officer

Daniel Gendelman

Markets

Social NetworkingProfessional NetworkingMembership CommunitiesOnline CommunitiesLifestyleCreative CollaborationEvent NetworkingDigital MediaInfluencer and Creator EconomyMobile Application

Employees live in

United States
View company profile

Similar remote jobs

Here are other jobs you might want to apply for.

View all remote jobs

5 remote jobs at Raya

Explore the variety of open remote roles at Raya, offering flexible work options across multiple disciplines and skill levels.

View all jobs at Raya
Top remote companies

Remote companies like Raya

Find your next opportunity by exploring profiles of companies that are similar to Raya. Compare culture, benefits, and job openings on Himalayas.

View all companies

Find your dream job

Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan
Save
Apply now