Mobile Security Engineer - Product Security

Airkit

Product

San Francisco, CA, USA

Posted on Jun 30, 2026

Description

The Experience

The Product Security team is seeking a Mobile Security Engineer who will own the security posture of Salesforce's mobile application portfolio — spanning many distinct apps and mobile Software Development Kits (SDKs) across iOS and Android for nearly every Cloud and acquisition. You'll be the dedicated technical owner for mobile application security testing, vendor-managed mobile scanning platforms, and security design reviews for mobile features, working at the intersection of mobile platform security and product engineering. Your work will directly protect the apps that millions of customers interact with daily, from the Salesforce flagship app to Tableau Mobile, Field Service, Trailhead, and Mobile Publisher. Join a team committed to ensuring every mobile release ships with validated security controls and that runtime protection, authentication flows, and binary hardening meet the highest standards.

What You'll Actually Be Doing

  • Perform manual and automated security assessments of iOS and Android applications, including binary reverse engineering, dynamic instrumentation, authenticated scanning, and review of OAuth/PKCE flows, certificate pinning implementations, and jailbreak/root detection controls.

  • Operate and expand the mobile scanning platform across the mobile app portfolio, manage pre-production Continuous Integration/Continuous Delivery (CI/CD) pipeline integration, configure scanning rulesets, triage findings, and coordinate quarterly with external penetration testing vendors.

  • Conduct secure code reviews across Swift, Kotlin, Java, and React Native mobile codebases, embed security controls in mobile SDKs and feature development, and lead threat modeling sessions for mobile-specific attack surfaces including on-device AI, app attestation, and deep linking.

  • Provide mobile security guidance to engineering teams across all Clouds, translate mobile findings into actionable remediation, respond to customer compliance questionnaires, and serve as the mobile security subject-matter expert for release planning and incident response.

  • Build and ship high-quality, production-grade security tooling and automation using modern engineering practices, with AI as a core part of your development workflow — pushing the boundaries of AI development tools to deliver secure, optimized, and high-quality code.

  • Design and orchestrate complex systems where AI agents integrate seamlessly into security workflows, driving efficiency and innovation at scale.

  • Contribute to building and maintaining shared system context — an explicit repository of system designs, constraints, and standards that enables AI to operate accurately and reliably. Critically evaluate code (human- or AI-generated) for correctness, quality, security, and performance.

You're Our Person If...

  • You have 2+ years in application security, mobile security testing, or mobile development with demonstrated knowledge of iOS and Android platform security models, the Open Web Application Security Project (OWASP) Mobile Top 10, and common mobile vulnerability classes.

  • You have hands-on experience with the mobile platform toolchain (Xcode/Android Studio).

  • You are familiar with security testing tools such as Frida, NowSecure, objection, MobSF, Burp Suite, or commercial mobile Static/Dynamic Application Security Testing (SAST/DAST) platforms.

  • You have an understanding of mobile authentication patterns (OAuth 2.0, PKCE, SAML), runtime protection mechanisms (code obfuscation, anti-hooking, anti-tampering), and app store ecosystem security considerations for both Apple and Google Play.

  • You have strong communication skills with the ability to explain mobile-specific risks to engineering partners who may not have mobile security context.

  • You bring a demonstrated, genuine AI-first approach to engineering — using AI to move faster, build fluency across the stack, and contribute well beyond your core specialty.

  • You have experience using AI tools (e.g., Claude Code, GitHub Copilot, Codex, Cursor, etc.) in development workflows.

  • You have advanced prompt engineering skills and the ability to write precise, structured prompts and cultivate the system context that makes AI outputs reliable, secure, and production-ready.

  • A related technical degree required.

Even Better If...

  • You have experience evaluating mobile runtime protection tools such as Promon, DexGuard, or similar Runtime Application Self-Protection (RASP) solutions on jailbroken or rooted devices.

  • You hold mobile-focused security certifications such as GIAC Mobile Device Security Analyst (GMOB), or general offensive certifications such as Offensive Security Certified Professional (OSCP) or Offensive Security Web Expert (OSWE) with demonstrated mobile testing experience.

  • You have active participation in mobile bug bounty programs (HackerOne, Bugcrowd), published mobile security research, Common Vulnerabilities and Exposures (CVE) disclosures, or contributions to open-source mobile security tools.

  • You have experience with mobile CI/CD pipelines, automated binary scanning integration, or familiarity with the Salesforce ecosystem and applying AI tools such as Claude, Cursor, or Gemini for security assessments.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.