Mobile Device Vulnerability Management & Configuration Compliance Engineer

Title: Mobile Device Vulnerability Management & Configuration Compliance Engineer

Location: Springfield, Boston or New York/ NJ

Job Description:

The Mobile Device Vulnerability Management & Configuration Compliance Engineer will partner with internal stakeholders to design, validate, and operationalize an automated mobile device vulnerability scanning and configuration compliance capability across enterprise-issued mobile endpoints (iOS/iPadOS and Android). This role leads proof-of-technology (PoT) activities including tool evaluation, architecture validation, security controls mapping, and pilot execution, and drives full-scale implementation through integration with other security tools such as MDM, SIEM/SOAR, ITSM, and asset inventory/CMDB systems.

The engineer will establish and maintain mobile vulnerability management processes aligned to corporate and regulatory requirements, develop continuous compliance and policy enforcement strategies, implement risk-based remediation workflows, and deliver measurable improvements in mobile endpoint security posture.

Key Responsibilities

• Define PoT scope, success criteria, and test plans for automated mobile vulnerability scanning (e.g., agent-based/agentless, MDM-integrated, API-driven).
• Evaluate candidate tools for: coverage (OS/app/cert/profile), detection accuracy, scalability, device impact, privacy controls, and reporting fidelity.
• Execute pilots across representative device populations validating:
• vulnerability detection capabilities (OS versions, CVEs, patch levels, risky apps)
• configuration compliance checks (encryption, jailbreak/root, screen lock, OS hardening)
• integration readiness (Intune/Workspace ONE/Jamf; SIEM; ITSM; CMDB)

• Produce PoT outcomes: findings, risk analysis, cost/benefit, architecture decision record, and go/no-go recommendation.
• Coordinate with InfoSec and Compliance teams to ensure SaaS platform posture aligns with regulatory requirements (NYDFS).
• Build and run mobile vulnerability lifecycle processes: discovery, assessment, prioritization, remediation, validation, reporting.
• Establish severity/risk scoring tuned for mobile (exposure, device role, app risk, compliance impact).
• Coordinate remediation with endpoint engineering, mobility admins, app owners, and operations teams.
• Validate remediation effectiveness using scanner re-runs, policy compliance, and audit evidence.
• Develop, deploy, and continuously improve baseline security configurations for iOS/iPadOS and Android.
• Translate requirements into enforceable policies (password/biometrics, encryption, OS update controls, app controls, certificate/profile constraints, VPN/Wi-Fi security, logging settings).

•                Implement compliance monitoring and drift detection; drive automated or semi-automated corrective actions.

•                Build automation scripts and APIs to normalize and enrich findings.

•                Support change management and communications for new controls impacting device behavior and user experience.

•                Provide technical guidance and training to operations teams for ongoing support.

Required Skills

•                Mobile OS security fundamentals: iOS/iPadOS and Android security models, patching, permissions, app ecosystems, jailbreak/root detection concepts.

•                Vulnerability management expertise: CVE/patch lifecycle, risk-based prioritization, SLAs, validation, metrics.

•                Configuration compliance: baseline hardening, policy enforcement, continuous compliance monitoring, and drift remediation.

•                Mobility Scanning Tool Experience (hands-on): Qualys Mobile VMDR, Lookout, Workspace One Microsoft Threat Defense, or equivalent.

•                MDM experience (hands-on): Microsoft Intune, Omnissa Workspace ONE, Jamf Pro, or equivalent.

•                Enterprise integration skills: API integration, data normalization, and automation with SIEM/SOAR/ITSM (e.g., Splunk, Sentinel, QRadar; XSOAR, Sentinel SOAR; ServiceNow).

•                Identity & access: conditional access concepts, device compliance states, SSO, certificates, MFA, posture-based access controls.

•                Scripting/automation: PowerShell and/or Python; familiarity with REST APIs, JSON, OAuth, and secrets management.

•                Security documentation: ability to author PoT plans, architecture diagrams, operational runbooks, and audit evidence.

•                Excellent documentation and stakeholder management skills.

•                Strong analytical and problem-solving skills.

•                Excellent communication and stakeholder management skills; experience presenting PoT results and recommendations.

•                Ability to work independently and across multifunctional teams.

•                Detail-oriented with a focus on process improvement and operational excellence.

•                Ability to manage multiple workstreams (pilot integration operations) with minimal supervision.

•                Familiarity with NIST, CIS Benchmarks, DISA STIG (mobile), ISO 27001 control mapping, or similar frameworks.

Educational Requirements

•                Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Engineering, or equivalent practical experience.

Relevant Certifications

•                CompTIA Security , CySA

•                GIAC: GSEC, GMON, or related (if available/appropriate)

•                Qualys/Rapid7/Tenable (or equivalent vulnerability platform certifications where relevant)

•                Governance / Risk / Architecture (bonus)

•                CISSP, CISM, CCSP

•                ITIL Foundation (for ITSM integration and operations maturity)

 Experience Level

•                5 – 8 years in cybersecurity/endpoint security, with 2 – 4 years specifically in mobile/UEM security, vulnerability management, or compliance engineering.

Salary : $50 - $55