Posted: Mar 19, 2026

Mobile Device Vulnerability & Configuration Compliance Engineer

Contractor
Salary: $75.00 Hourly
Application Deadline: Mar 27, 2026
Cybersecurity

DUTIES:

The Mobile Device Vulnerability Management & Configuration Compliance Engineer will partner with internal stakeholders to design, validate, and operationalize an automated mobile device vulnerability scanning and configuration compliance capability across enterprise-issued mobile endpoints (iOS/iPadOS and Android). This role leads proof-of-technology (PoT) activities including tool evaluation, architecture validation, security controls mapping, and pilot execution, and drives full-scale implementation through integration with other security tools such as MDM, SIEM/SOAR, ITSM, and asset inventory/CMDB systems.

The engineer will establish and maintain mobile vulnerability management processes aligned to corporate and regulatory requirements, develop continuous compliance and policy enforcement strategies, implement risk-based remediation workflows, and deliver measurable improvements in mobile endpoint security posture.

 

Key Responsibilities:

  • Define PoT scope, success criteria, and test plans for automated mobile vulnerability scanning (e.g., agent-based/agentless, MDM-integrated, API-driven).
  • Evaluate candidate tools for: coverage (OS/app/cert/profile), detection accuracy, scalability, device impact, privacy controls, and reporting fidelity.
  • Execute pilots across representative device populations validating: 
       o Vulnerability detection capabilities (OS versions, CVEs, patch levels, risky apps)
       o Configuration compliance checks (encryption, jailbreak/root, screen lock, OS hardening)
       o Integration readiness (Intune/Workspace ONE/Jamf; SIEM; ITSM; CMDB)
  • Produce PoT outcomes: findings, risk analysis, cost/benefit, architecture decision record, and go/no-go recommendation.
  • Coordinate with InfoSec and Compliance teams to ensure SaaS platform posture aligns with regulatory requirements (NYDFS).
  • Build and run mobile vulnerability lifecycle processes: discovery, assessment, prioritization, remediation, validation, reporting.
  • Establish severity/risk scoring tuned for mobile (exposure, device role, app risk, compliance impact).
  • Coordinate remediation with endpoint engineering, mobility admins, app owners, and operations teams.
  • Validate remediation effectiveness using scanner re-runs, policy compliance, and audit evidence.
  • Develop, deploy, and continuously improve baseline security configurations for iOS/iPadOS and Android.
  • Translate requirements into enforceable policies (password/biometrics, encryption, OS update controls, app controls, certificate/profile constraints, VPN/Wi-Fi security, logging settings).
  • Implement compliance monitoring and drift detection; drive automated or semi-automated corrective actions.
  • Build automation scripts and APIs to normalize and enrich findings.
  • Support change management and communications for new controls impacting device behavior and user experience.
  • Provide technical guidance and training to operations teams for ongoing support.

 

SKILLS:

  • Mobile OS security fundamentals: iOS/iPadOS and Android security models, patching, permissions, app ecosystems, jailbreak/root detection concepts.
  • Vulnerability management expertise: CVE/patch lifecycle, risk-based prioritization, SLAs, validation, metrics.
  • Configuration compliance: baseline hardening, policy enforcement, continuous compliance monitoring, and drift remediation.
  • Mobility scanning tool experience (hands-on): Qualys Mobile VMDR, Lookout, Workspace ONE + Microsoft Threat Defense, or equivalent.
  • MDM experience (hands-on): Microsoft Intune, Omnissa Workspace ONE, Jamf Pro, or equivalent.
  • Enterprise integration skills: API integration, data normalization, and automation with SIEM/SOAR/ITSM (e.g., Splunk, Sentinel, QRadar; XSOAR, Sentinel SOAR; ServiceNow).
  • Identity & access: conditional access concepts, device compliance states, SSO, certificates, MFA, posture-based access controls.
  • Scripting/automation: PowerShell and/or Python; familiarity with REST APIs, JSON, OAuth, and secrets management.
  • Security documentation: ability to author PoT plans, architecture diagrams, operational runbooks, and audit evidence.
  • Excellent documentation and stakeholder management skills.
  • Strong analytical and problem-solving skills.
  • Excellent communication and stakeholder management skills; experience presenting PoT results and recommendations.
  • Ability to work independently and across multifunctional teams.
  • Detail-oriented with a focus on process improvement and operational excellence.
  • Ability to manage multiple workstreams (pilot + integration + operations) with minimal supervision.
  • Familiarity with NIST, CIS Benchmarks, DISA STIG (mobile), ISO 27001 control mapping, or similar frameworks.

 

EDUCATIONAL REQUIREMENTS:

  • Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Engineering, or equivalent practical experience.

 

RELEVANT CERTIFICATIONS:

  • CompTIA Security+, CySA+
  • GIAC: GSEC, GMON, or related (if available/appropriate)
  • Qualys/Rapid7/Tenable (or equivalent vulnerability platform certifications where relevant)
  • Governance / Risk / Architecture (bonus)
  • CISSP, CISM, CCSP
  • ITIL Foundation (for ITSM integration and operations maturity)

 

EXPERIENCE LEVEL:

  • 5 – 8+ years in cybersecurity/endpoint security, with 2 – 4+ years specifically in mobile/UEM security, vulnerability management, or compliance engineering

 

LOCATION:

  • Hybrid - New York, Springfield or Boston, MA

Note: Remote option available for the ideal candidate.

How To Apply: