Senior/Staff Mobile Security Engineer (Fintech)

TL;DR

Senior/Staff Mobile Security Engineer (Mobile Security): Designing and implementing tamper-resistant security systems for the World App across Android and iOS with an accent on device attestation and biometric integrity. Focus on building hardware-backed key attestation, preventing reverse engineering, and securing on-device cryptographic operations at global scale.

Location: Must be based in the USA (indicated by US-specific benefits like 401k and commuter benefits)

Salary: $251,000 - $325,000

Company

hirify.global is building the World protocol, a global identity and financial network designed to verify real humans in the age of AI.

What you will do

• Design and operate mobile device attestation and integrity verification systems using Android KeyStore TEE/StrongBox and Apple App Attest.
• Engineer anti-tampering, anti-hooking, and runtime integrity protections to resist reverse engineering and frameworks like Frida or Xposed.
• Own the end-to-end mobile hardening strategy, including certificate pinning, secure storage, and obfuscation.
• Design cryptographic protocols for on-device biometric authentication resistant to replay and deepfake injection attacks.
• Build and maintain the server-side Attestation Gateway to validate Play Integrity tokens and Apple App Attest assertions.
• Lead threat modeling for mobile attack surfaces and embed security into the SDLC through code reviews and CI/CD automation.

Requirements

• 8+ years of hands-on experience in mobile security engineering with deep expertise in Android or iOS.
• Proven experience with Android Hardware Key Attestation, Google Play Integrity API, or Apple App Attest at a systems level.
• Strong background in mobile application hardening (root/jailbreak detection, debugger detection, runtime protection).
• Proficiency in mobile reverse engineering using tools such as jadx, apktool, and Frida.
• Fluency in Kotlin/Java (Android) and/or Swift (iOS) for security-focused development and code review.
• Eligibility to work in the United States is required.

Nice to have

• Experience building server-side attestation verification services.
• Experience with RASP vendor evaluation (e.g., Guardsquare, Zimperium).
• Background in payment security or PCI-compliant mobile applications.
• Familiarity with zero-knowledge proofs (ZKP) or differential privacy.
• Proficiency in Rust, Go, or Python for backend security tooling.

Culture & Benefits

• Comprehensive healthcare, dental, and vision insurance.
• 401(k) plan with company match.
• Competitive long-term incentive package.
• Flexible time off and professional development stipend.
• Commuter benefits and life insurance.