Penetration Testing Engineer IV

Job Locations: US
Req ID: 2025-8048
Category: Information Technology
Type: Full-Time Regular
Security Access Level: Access 1: US Citizenship Only (No Dual) / CFIUS Approval / Sole US Citizen (DMV & FBI Programs)
Work Schedule: Core Business Hours

Overview

IDEMIA Public Security, a division of IDEMIA Group, is the leading provider of secure and trusted biometric-based solutions, transforming public and private organizations across the globe. Our industry-enabled and client-specific solutions draw upon decades of expertise in biometrics to revolutionize the fields of public security, justice and public safety, travel and transport, identity, and access control. Built on privacy and trust, our market-leading iris, fingerprint and facial recognition solutions top independent benchmarking for accuracy, fairness and scalability. These exacting standards enable our clients to build safer, fairer societies where people can live, interact, and move about freely. With 4000+ employees around the world and 150+ partners worldwide, we offer more than just a job - we provide a dynamic environment where innovation thrives, opportunities abound, and your talents are valued. Be part of a global leader shaping the future of biometric-based technology.

Responsibilities

- Conduct comprehensive penetration testing of Mobile ID applications (Android and iOS)
- Perform security assessments of Digital Identity Wallet and Civil Identity backend systems and APIs
- Test cloud infrastructure security controls across AWS environments
- Evaluate biometric authentication systems and liveness detection mechanisms
- Assess PKI implementation, SOC 2, X.509 certificate management, and cryptographic controls
- Conduct network penetration testing of government integration points and DMV connections
- Perform social engineering assessments targeting identity verification processes
- Test mobile SDK security implementations and third-party integrations
- Evaluate web application security for citizen enrollment portals
- Assess compliance with government security frameworks (NIST, FedRAMP, FISMA)
- Develop detailed vulnerability reports with risk ratings and remediation guidance
- Collaborate with development teams to validate security fixes and implement secure coding practices
- Participate in threat modeling sessions for new product features
- Maintain testing tools and develop custom exploits for identity-specific vulnerabilities

 

**The US base salary range for this position is $93,440 - $116,813 + bonus + benefits.  Our salary ranges are determined by role and level.  The range displayed on each job posting reflects the compensation target for the role across all US locations.  Individual pay is determined by job-related skills, experience, and relevant education or training.  Beyond offering a competitive total rewards package, we offer various opportunities to support team member growth and success**.

Qualifications

 Required Technical Skills:

- **Mobile Application Security Testing:**
  - iOS and Android penetration testing tools (Frida, Objection, MobSF)
  - Mobile application reverse engineering
  - Runtime application security testing (RAST)
  - Mobile device forensics and analysis
- **Identity & Authentication Security:**
  - Biometric security assessment techniques
  - PKI and certificate authority security testing
  - OAuth, SAML, and JWT vulnerability assessment
  - Multi-factor authentication bypass techniques
- **Cloud Security Assessment:**
  - AWS security testing methodologies
  - Container and Kubernetes security assessment
  - API security testing (REST/SOAP)
  - Cloud configuration review and hardening
- **General Penetration Testing:**
  - Network penetration testing tools (Nmap, Metasploit, Burp Suite)
  - Web application security testing (OWASP Top 10)
  - Social engineering and phishing assessment
  - Wireless network security testing

 Required Certifications:

- **Minimum Required:** OSCP (Offensive Security Certified Professional)
- **Preferred Additional Certifications:**
  - CISSP (Certified Information Systems Security Professional)
  - CEH (Certified Ethical Hacker)
  - GWEB (GIAC Web Application Penetration Tester)
  - GMOB (GIAC Mobile Device Security Analyst)

 Required Experience:

- 5+ years of hands-on penetration testing experience
- Experience with mobile application security testing
- Background in testing government or highly regulated systems
- Experience with identity management and authentication systems
- Knowledge of compliance frameworks (NIST Cybersecurity Framework, ISO 27001)

 Desired Skills:

- Knowledge of digital identity standards (FIDO Alliance, W3C)
- Familiarity with government identity verification processes
- Experience with automated security testing tools
- Background in secure software development lifecycle (SDLC)
- Knowledge of privacy regulations (SOC2, GDPR, CCPA)
- Experience with threat intelligence and adversary simulation
