• Build and improve security capabilities, automation, and guardrails for mobile applications and backend/API services
• Perform application or API/backend penetration testing
• Identify, triage, and help remediate vulnerabilities across Chime products
• Partner closely with engineering and product teams to embed security into the development lifecycle across mobile apps, APIs, and backend services
• Perform architecture and code reviews across the stack (iOS/Android, APIs, backend) with a focus on secure data storage, authentication, authorization, secure communication, and session/token handling
• Leverage AI to accelerate security workflows (e.g., code review support, triage, threat modeling), and partner with teams building AI-enabled features to define and implement production-grade AI security controls
• 5+ years of experience in application security, with strong hands-on experience across both mobile and backend systems
• Hands on experience securing iOS and Android applications in production environments
• Strong understanding of mobile threat models and common attack techniques
• Experience with mobile security testing techniques, including static and dynamic analysis
• Familiarity with iOS and Android platform security features and limitations
• Practical coding experience, preferably in Ruby, Go, Python languages
• Ability to clearly communicate security risks, tradeoffs, and remediation guidance to engineering partners
• #LI-Hybrid #LI-JL1