Security Architecture & Strategy 

• Contribute to the definition and implementation of application and mobile security architecture,  standards, and best practices. 
• Develop and maintain reusable security patterns, reference architectures, frameworks, and  design guidelines across application and mobile platforms. 
• Ensure security designs align with enterprise architecture principles, cloud strategy, technology  roadmaps, and post-go-live operational requirements. 
• Conduct architecture reviews, risk assessments, and threat modelling to support secure solution  design. 
• Identify design-level security risks and propose practical, risk-based mitigation recommendations
• Translate regulatory and internal policy requirements into actionable security architecture  controls under guidance from senior stakeholders. 
• Support regulatory reviews, audits, and technology risk assessments by providing clear  architectural documentation and evidence. 
• Contribute to the continuous improvement of application and mobile security maturity, tools,  and practices. 

Mobile Application & SDK Security 

• Define security architecture for mobile applications (iOS / Android) and embedded mobile SDKs.
• Establish standards for secure mobile development, including:  

• • Secure authentication and authorization 
  • Secure API consumption and backend integration 
  • Secure local storage (Keychain / Keystore)
  • Runtime protections (anti-tamper, jailbreak/root detection) 
• Address mobile-specific threat vectors such as reverse engineering, SDK abuse, credential theft,  and runtime manipulation. 
• Align mobile security architecture with OWASP MASVS / MSTG and organizational security  policies. 

Cryptography & Post-Quantum Readiness (PQC) 

• Define and govern cryptographic architecture, including encryption, key management, PKI, and  secure communications. 
• Lead crypto-agility and PQC readiness initiatives, including:  

• • Cryptographic inventory and risk assessment (“harvest-now, decrypt-later”)
  • Design of hybrid cryptographic approaches (classical + PQC-resistant) 
  • Alignment with NIST PQC standards and industry guidance 
• Ensure cryptographic controls are consistently applied across applications, mobile SDKs, APIs, and  cloud services. 

Cloud, API & DevSecOps Security 

• Provide security architecture guidance for cloud-native, containerized, and API-driven  architectures. 
• Support secure development, deployment, and integration across platforms and environments
• Embed security controls into DevSecOps practices and CI/CD pipelines, including mobile build  pipelines. 

• Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related discipline.
• 4–7 years of experience in application security, mobile security, cloud security, or security  engineering. 
• Practical experience contributing to security architecture or design reviews.
• Strong understanding of application and mobile security principles, including iOS / Android and  mobile SDK security. 
• Familiarity with mobile threats such as reverse engineering, tampering, SDK abuse, and  credential theft. 
• Working knowledge of OWASP Top 10 and OWASP MASVS / MSTG. 
• Solid understanding of cryptographic fundamentals (TLS, encryption, key management, PKI) and  exposure to crypto-agility and Post-Quantum Cryptography (PQC) concepts.
• Experience securing cloud platforms (AWS and/or Azure), including IAM, data protection, and  secure networking. 
• Familiarity with API security, cloud-native architectures, and DevSecOps / CI/CD security  practices. 
• Experience participating in threat modelling (e.g. STRIDE, MITRE ATT&CK) and design-level risk  assessments. 
• Awareness of regulatory and internal security policy requirements and experience supporting  audits or risk assessments. 
• Strong communication and collaboration skills, with the ability to work effectively across  engineering, platform, risk, and compliance teams. 
• Relevant certifications (e.g. Security+, cloud associate, or progress toward CISSP / CCSP / CISM)  are a plus.