Penetration Testing Engineer IV jobs in United States

IDEMIA · 1 week ago

Penetration Testing Engineer IV

IDEMIA is the leading provider of secure and trusted biometric-based solutions. The Penetration Testing Engineer IV will conduct comprehensive penetration testing and security assessments to ensure the integrity and security of Mobile ID applications and various backend systems.

Identity Management · Information Technology · Network Security
No H1B · U.S. Citizen Only

Responsibilities

Conduct comprehensive penetration testing of Mobile ID applications (Android and iOS)
Perform security assessments of Digital Identity Wallet and Civil Identity backend systems and APIs
Test cloud infrastructure security controls across AWS environments
Evaluate biometric authentication systems and liveness detection mechanisms
Assess PKI implementation, SOC 2, X.509 certificate management, and cryptographic controls
Conduct network penetration testing of government integration points and DMV connections
Perform social engineering assessments targeting identity verification processes
Test mobile SDK security implementations and third-party integrations
Evaluate web application security for citizen enrollment portals
Assess compliance with government security frameworks (NIST, FedRAMP, FISMA)
Develop detailed vulnerability reports with risk ratings and remediation guidance
Collaborate with development teams to validate security fixes and implement secure coding practices
Participate in threat modeling sessions for new product features
Maintain testing tools and develop custom exploits for identity-specific vulnerabilities

Qualification

Mobile Application Security Testing
Penetration Testing Tools
Cloud Security Assessment
Identity & Authentication Security
OSCP Certification
Network Penetration Testing
Web Application Security Testing
Compliance Frameworks Knowledge
Mobile Device Forensics
Social Engineering Assessment
Secure Coding Practices
Threat Modeling

Required

Mobile Application Security Testing:
iOS and Android penetration testing tools (Frida, Objection, MobSF)
Mobile application reverse engineering
Runtime application security testing (RAST)
Mobile device forensics and analysis

Identity & Authentication Security:
Biometric security assessment techniques
PKI and certificate authority security testing
OAuth, SAML, and JWT vulnerability assessment
Multi-factor authentication bypass techniques

Cloud Security Assessment:
AWS security testing methodologies
Container and Kubernetes security assessment
API security testing (REST/SOAP)
Cloud configuration review and hardening

General Penetration Testing:
Network penetration testing tools (Nmap, Metasploit, Burp Suite)
Web application security testing (OWASP Top 10)
Social engineering and phishing assessment
Wireless network security testing

Minimum Required:
OSCP (Offensive Security Certified Professional)
5+ years of hands-on penetration testing experience
Experience with mobile application security testing
Background in testing government or highly regulated systems
Experience with identity management and authentication systems
Knowledge of compliance frameworks (NIST Cybersecurity Framework, ISO 27001)

Preferred

CISSP (Certified Information Systems Security Professional)
CEH (Certified Ethical Hacker)
GWEB (GIAC Web Application Penetration Tester)
GMOB (GIAC Mobile Device Security Analyst)
Knowledge of digital identity standards (FIDO Alliance, W3C)
Familiarity with government identity verification processes
Experience with automated security testing tools
Background in secure software development lifecycle (SDLC)
Knowledge of privacy regulations (SOC2, GDPR, CCPA)
Experience with threat intelligence and adversary simulation

Benefits

Bonus
Benefits

Company

IDEMIA offers identity and security solutions for an increasingly digital and connected.

Funding

Current Stage: Late Stage
Total Funding: $12.83M
2024-09-20 · Acquired
2020-04-17 · Series Unknown · $12.83M

Leadership Team

Jean-Christophe Fondeur
Advisor to IPS CEO
Didier Fontaine
Chief Operating Officer
Company data provided by Crunchbase