WHAT WE EXPECT FROM YOU

Proven experience in mobile application security, especially in governmental or regulated environments.
Deep understanding of secure mobile architectures, app shielding, in-app protection, and runtime integrity.
Familiarity with eIDAS2, EUDI Wallets, ISO 18013-5, NIST CSF, OWASP, PCI MPoC, and BSI TR-03161-1.
Experience with security frameworks (e.g., OWASP - MASVS / MASWSE / MASTG), threat modeling, and risk management.
Strong knowledge of Android/iOS security models, secure coding, build & deployment lifecycles, and app store compliance.
Ability to translate complex security requirements into development tasks.
Excellent communication skills for workshops, presentations, and proposal support.
Certifications (for ex., CISSA / CSSLP / CISSP) is a plus.
Reference: 84LgapwOlqxMF4pJyXhgAVsc4UrJ7apxHRhHFjpwa6geL7_HEqtbogBWw_mQ-72_

YOUR RESPONSIBILITIES

Design and document secure architectures for mobile identity solutions
Define security requirements based on threat modeling and risk assessments, aligned with standards (ISO 18013, eIDAS2, NIST CSF, OWASP MASVS, PCI MPoC, BSI TR-03161).
Conduct structured threat modeling (e.g., STRIDE) and risk assessments Evaluate attack vectors, including rooting, hooking, reverse engineering, emulator use, MITM, replay attacks, and API abuse.
Prioritize mitigations using frameworks like MoSCoW and traceability matrices.
Lead workshops to define and prioritize security features (e.g., RASP, secure storage, mTLS, attestation, app lifecycle management).
Develop implementation plans and support make-or-buy decisions for security components.
Ensure mobile apps meet regulatory and certification requirements (e.g., TSA, AAMVA, FIME/BSI).
Map security controls to OWASP Mobile Top 10 and MAS Checklist.
Guide software development teams in secure coding practices and platform-specific security (Android/iOS).
Collaborate with product managers, architects, and external partners.
Support proposal writing and technical presentations for internal and external stakeholders.
Define and oversee security testing strategies, including penetration testing, MAST, and app vetting.
Integrate security into CI/CD pipelines and support continuous security integration (DevSecOps).

MORE INFO ABOUT US

A member of the Veridos Group based in Munich and Berlin

Product development throughout the entire product lifecycle

Our systems manage millions of citizen records on a daily level

High-quality projects and an international environment

The Belgrade office has 70+ engineers

PERKS AND BENEFITS

Learning through a training program and from fellow experts

Free meals and fruit

Private health insurance and regular medical check-ups

Sport and activity sessions

Available parking space near the company

Two team building activities per year

Veridos Netset

Kao deo Veridos grupe, sa sedištem u Beogradu, predstavljamo pouzdanog partnera u realizaciji elektronskih servisa baziranih na sigurnim mehanizmima verifikacije identiteta korisnika. Specijalizovani smo za razvoj složenih informacionih sistema za upravljanje podacima građana, sa fokusom na…

Više o poslodavcu Više o poslodavcu na HelloWorld

Beneficije

Edukacija, profesionalni razvoj

Hrana i piće

Sport i rekreacija