Mobile App Security Developer (HarmonyOS Next)
We are seeking a Mobile App Security Developer with expertise in HarmonyOS Next to join our team. You will play a critical role in designing, developing, and implementing security solutions for HarmonyOS-based applications, ensuring robust protection against emerging threats. Your work will directly contribute to the security posture of next-generation mobile applications in a rapidly evolving ecosystem.
Key Responsibilities:
* Develop and implement security features for HarmonyOS Next applications, focusing on data protection, secure authentication, encryption, and API security.
* Perform threat modeling and security assessments to identify vulnerabilities in HarmonyOS apps and apply best practices from OWASP MASVS, NIST, and other security frameworks.
* Ensure app attestation and runtime integrity, leveraging platform security mechanisms to verify the authenticity and integrity of applications.
* Implement secure API communication, including TLS certificate pinning and token-based authentication to prevent Man-in-the-Middle (MitM) attacks.
* Work on reverse engineering resilience, ensuring HarmonyOS apps are protected against debugging, tampering, and runtime instrumentation.
* Develop obfuscation and anti-tampering techniques to protect HarmonyOS apps from unauthorized modification and reverse engineering.
* Collaborate with mobile developers, DevSecOps, and backend engineers to ensure end-to-end security in the mobile app development lifecycle.
* Conduct penetration testing and security reviews of HarmonyOS apps, analyzing risks from side-loading, API abuse, and unauthorized access.
* Stay up to date with HarmonyOS security updates, industry trends, and threat intelligence to continuously improve security measures.
Qualifications & Skills:
* 3+ years of experience in mobile app security, focusing on Android, iOS, or HarmonyOS.
* Strong experience with HarmonyOS Next development and ArkUI, OpenHarmony, and Huawei DevEco Studio.
* Expertise in mobile security frameworks, including OWASP MASVS, MASTG, and NIST mobile security standards.
* Proficiency in secure coding practices using C/C++, Java, ArkTS, and HarmonyOS SDKs.
* Hands-on experience with code obfuscation, RASP, and anti-tampering tools.
* Knowledge of cryptography, secure storage, key management, and authentication protocols (OAuth2, JWT, etc.).
* Experience with reverse engineering tools (Frida, Ghidra, IDA Pro) and security testing tools (Burp Suite, MobSF, Drozer).
* Familiarity with API security, certificate pinning, and Approov/Attestation services for API protection.
* Understanding of device attestation, app signing, and secure execution environments.
Preferred Qualifications:
* Experience in HarmonyOS security architecture and Huawei HMS Core security APIs.
* Prior work with mobile application hardening, runtime integrity checks, and emulator/root detection.
* Certifications such as OSCP, CEH, CISSP, or GIAC Mobile Device Security Analyst (GMOB).
* Familiarity with CI/CD security integration and DevSecOps methodologies.
Why Join Us?
* Work on cutting-edge mobile security solutions for the HarmonyOS Next ecosystem.
* Be part of an innovative and highly skilled mobile security team.
* Competitive salary, benefits, and professional growth opportunities.
* Opportunity to influence and shape security best practices for next-gen HarmonyOS applications.
How to Apply: Submit your resume to https://approov.io/info/careers
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Engineering and Information Technology
Industries: Software Development
#J-18808-Ljbffr