IDEMIA Public Security · 13 hours ago
Penetration Testing Engineer IV
IDEMIA Public Security is a leading provider of secure and trusted biometric-based solutions. They are seeking a Penetration Testing Engineer IV to conduct comprehensive penetration testing and security assessments on various systems, including mobile applications and cloud infrastructure.
Information Technology & Services
Responsibilities
Conduct comprehensive penetration testing of Mobile ID applications (Android and iOS)
Perform security assessments of Digital Identity Wallet and Civil Identity backend systems and APIs
Test cloud infrastructure security controls across AWS environments
Evaluate biometric authentication systems and liveness detection mechanisms
Assess PKI implementation, SOC 2, X.509 certificate management, and cryptographic controls
Conduct network penetration testing of government integration points and DMV connections
Perform social engineering assessments targeting identity verification processes
Test mobile SDK security implementations and third-party integrations
Evaluate web application security for citizen enrollment portals
Assess compliance with government security frameworks (NIST, FedRAMP, FISMA)
Develop detailed vulnerability reports with risk ratings and remediation guidance
Collaborate with development teams to validate security fixes and implement secure coding practices
Participate in threat modeling sessions for new product features
Maintain testing tools and develop custom exploits for identity-specific vulnerabilities
Qualifications
Required
iOS and Android penetration testing tools (Frida, Objection, MobSF)
Mobile application reverse engineering
Runtime application security testing (RAST)
Mobile device forensics and analysis
Biometric security assessment techniques
PKI and certificate authority security testing
OAuth, SAML, and JWT vulnerability assessment
Multi-factor authentication bypass techniques
AWS security testing methodologies
Container and Kubernetes security assessment
API security testing (REST/SOAP)
Cloud configuration review and hardening
Network penetration testing tools (Nmap, Metasploit, Burp Suite)
Web application security testing (OWASP Top 10)
Social engineering and phishing assessment
Wireless network security testing
OSCP (Offensive Security Certified Professional)
5+ years of hands-on penetration testing experience
Experience with mobile application security testing
Background in testing government or highly regulated systems
Experience with identity management and authentication systems
Knowledge of compliance frameworks (NIST Cybersecurity Framework, ISO 27001)
Preferred
CISSP (Certified Information Systems Security Professional)
CEH (Certified Ethical Hacker)
GWEB (GIAC Web Application Penetration Tester)
GMOB (GIAC Mobile Device Security Analyst)
Knowledge of digital identity standards (FIDO Alliance, W3C)
Familiarity with government identity verification processes
Experience with automated security testing tools
Background in secure software development lifecycle (SDLC)
Knowledge of privacy regulations (SOC2, GDPR, CCPA)
Experience with threat intelligence and adversary simulation
Benefits
Bonus
Benefits