Technology Architect | Identity Management | IDAM-Design , work flow , Implement
Varite, Springfield, MA, United States
Pay Rate Range: $ 62.61 - 64.45/hr on W2
Description:
Minimum years of experience needed in the required skills- 5 years of experience
Minimum over all work experience required - 5 years
Domain - Cyber Security : Application Security
JD:
The Mobile Device Vulnerability Management & Configuration Compliance Engineer will partner
with internal stakeholders to design, validate, and operationalize an automated mobile device
vulnerability scanning and configuration compliance capability across enterprise-issued mobile
endpoints (iOS/iPadOS and Android). This role leads proof-of-technology (PoT) activities including
tool evaluation, architecture validation, security controls mapping, and pilot execution, and drives
full-scale implementation through integration with other security tools such as MDM, SIEM/SOAR,
ITSM, and asset inventory/CMDB systems.
The engineer will establish and maintain mobile vulnerability management processes aligned to
corporate and regulatory requirements, develop continuous compliance and policy enforcement
strategies, implement risk-based remediation workflows, and deliver measurable improvements in mobile endpoint security posture.
Key Responsibilities:
• Define PoT scope, success criteria, and test plans for automated mobile vulnerability
scanning (e.g., agent-based/agentless, MDM-integrated, API-driven).
• Evaluate candidate tools for: coverage (OS/app/cert/profile), detection accuracy,
scalability, device impact, privacy controls, and reporting fidelity.
• Execute pilots across representative device populations validating:
o vulnerability detection capabilities (OS versions, CVEs, patch levels, risky apps)
o configuration compliance checks (encryption, jailbreak/root, screen lock, OS
hardening)
o integration readiness (Intune/Workspace ONE/Jamf; SIEM; ITSM; CMDB)
• Produce PoT outcomes: findings, risk analysis, cost/benefit, architecture decision record,
and go
o-go recommendation.
• Coordinate with InfoSec and Compliance teams to ensure SaaS platform posture aligns with
regulatory requirements (NYDFS).
• Build and run mobile vulnerability lifecycle processes: discovery, assessment, prioritization,
remediation, validation, reporting.
• Establish severity/risk scoring tuned for mobile (exposure, device role, app risk, compliance
impact).
• Coordinate remediation with endpoint engineering, mobility admins, app owners, and
operations teams.
• Validate remediation effectiveness using scanner re-runs, policy compliance, and audit
evidence.
• Develop, deploy, and continuously improve baseline security configurations for iOS/iPadOS
and Android.
• Translate requirements into enforceable policies (password/biometrics, encryption, OS
update controls, app controls, certificate/profile constraints, VPN/Wi-Fi security, logging
settings).
• Implement compliance monitoring and drift detection; drive automated or semi-automated
corrective actions.
• Build automation scripts and APIs to normalize and enrich findings
• Support change management and communications for new controls impacting device
behavior and user experience.
• Provide technical guidance and training to operations teams for ongoing support.
Required Skills
• Mobile OS security fundamentals: iOS/iPadOS and Android security models, patching,
permissions, app ecosystems, jailbreak/root detection concepts.
• Vulnerability management expertise: CVE/patch lifecycle, risk-based prioritization, SLAs,
validation, metrics.
• Configuration compliance: baseline hardening, policy enforcement, continuous compliance
monitoring, and drift remediation.
• Mobility Scanning Tool Experience (hands-on): Qualys Mobile VMDR, Lookout, Workspace
One + Microsoft Threat Defense, or equivalent.
• MDM experience (hands-on): Microsoft Intune, Omnissa Workspace ONE, Jamf Pro, or
equivalent.
• Enterprise integration skills: API integration, data normalization, and automation with
SIEM/SOAR/ITSM (e.g., Splunk, Sentinel, QRadar; XSOAR, Sentinel SOAR; ServiceNow).
• Identity & access: conditional access concepts, device compliance states, SSO,
certificates, MFA, posture-based access controls.
• Scripting/automation: PowerShell and/or Python; familiarity with REST APIs, JSON, OAuth,
and secrets management.
• Security documentation: ability to author PoT plans, architecture diagrams, operational
runbooks, and audit evidence.
• Excellent documentation and stakeholder management skills.
• Strong analytical and problem-solving skills.
• Excellent communication and stakeholder management skills; experience presenting PoT
results and recommendations.
• Ability to work independently and across multifunctional teams.
• Detail-oriented with a focus on process improvement and operational excellence.
• Ability to manage multiple workstreams (pilot + integration + operations) with minimal
supervision.
• Familiarity with NIST, CIS Benchmarks, DISA STIG (mobile), ISO 27001 control mapping, or
similar frameworks.
Educational Requirements:
• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Engineering,
or equivalent practical experience.
Relevant Certifications
• CompTIA Security+, CySA+
• GIAC: GSEC, GMON, or related (if available/appropriate)
• Qualys/Rapid7/Tenable (or equivalent vulnerability platform certifications where relevant)
• Governance / Risk / Architecture (bonus)
• CISSP, CISM, CCSP
• ITIL Foundation (for ITSM integration and operations maturity)
Experience Level:
• 5 - 8+ years in cybersecurity/endpoint security, with 2 - 4+ years specifically in mobile/UEM
security, vulnerability management, or compliance engineering.
Interview mode - In person/Virtual : Virtual
How many rounds of interview - minimum 2 rounds.
Description:
Minimum years of experience needed in the required skills- 5 years of experience
Minimum over all work experience required - 5 years
Domain - Cyber Security : Application Security
JD:
The Mobile Device Vulnerability Management & Configuration Compliance Engineer will partner
with internal stakeholders to design, validate, and operationalize an automated mobile device
vulnerability scanning and configuration compliance capability across enterprise-issued mobile
endpoints (iOS/iPadOS and Android). This role leads proof-of-technology (PoT) activities including
tool evaluation, architecture validation, security controls mapping, and pilot execution, and drives
full-scale implementation through integration with other security tools such as MDM, SIEM/SOAR,
ITSM, and asset inventory/CMDB systems.
The engineer will establish and maintain mobile vulnerability management processes aligned to
corporate and regulatory requirements, develop continuous compliance and policy enforcement
strategies, implement risk-based remediation workflows, and deliver measurable improvements in mobile endpoint security posture.
Key Responsibilities:
• Define PoT scope, success criteria, and test plans for automated mobile vulnerability
scanning (e.g., agent-based/agentless, MDM-integrated, API-driven).
• Evaluate candidate tools for: coverage (OS/app/cert/profile), detection accuracy,
scalability, device impact, privacy controls, and reporting fidelity.
• Execute pilots across representative device populations validating:
o vulnerability detection capabilities (OS versions, CVEs, patch levels, risky apps)
o configuration compliance checks (encryption, jailbreak/root, screen lock, OS
hardening)
o integration readiness (Intune/Workspace ONE/Jamf; SIEM; ITSM; CMDB)
• Produce PoT outcomes: findings, risk analysis, cost/benefit, architecture decision record,
and go
o-go recommendation.
• Coordinate with InfoSec and Compliance teams to ensure SaaS platform posture aligns with
regulatory requirements (NYDFS).
• Build and run mobile vulnerability lifecycle processes: discovery, assessment, prioritization,
remediation, validation, reporting.
• Establish severity/risk scoring tuned for mobile (exposure, device role, app risk, compliance
impact).
• Coordinate remediation with endpoint engineering, mobility admins, app owners, and
operations teams.
• Validate remediation effectiveness using scanner re-runs, policy compliance, and audit
evidence.
• Develop, deploy, and continuously improve baseline security configurations for iOS/iPadOS
and Android.
• Translate requirements into enforceable policies (password/biometrics, encryption, OS
update controls, app controls, certificate/profile constraints, VPN/Wi-Fi security, logging
settings).
• Implement compliance monitoring and drift detection; drive automated or semi-automated
corrective actions.
• Build automation scripts and APIs to normalize and enrich findings
• Support change management and communications for new controls impacting device
behavior and user experience.
• Provide technical guidance and training to operations teams for ongoing support.
Required Skills
• Mobile OS security fundamentals: iOS/iPadOS and Android security models, patching,
permissions, app ecosystems, jailbreak/root detection concepts.
• Vulnerability management expertise: CVE/patch lifecycle, risk-based prioritization, SLAs,
validation, metrics.
• Configuration compliance: baseline hardening, policy enforcement, continuous compliance
monitoring, and drift remediation.
• Mobility Scanning Tool Experience (hands-on): Qualys Mobile VMDR, Lookout, Workspace
One + Microsoft Threat Defense, or equivalent.
• MDM experience (hands-on): Microsoft Intune, Omnissa Workspace ONE, Jamf Pro, or
equivalent.
• Enterprise integration skills: API integration, data normalization, and automation with
SIEM/SOAR/ITSM (e.g., Splunk, Sentinel, QRadar; XSOAR, Sentinel SOAR; ServiceNow).
• Identity & access: conditional access concepts, device compliance states, SSO,
certificates, MFA, posture-based access controls.
• Scripting/automation: PowerShell and/or Python; familiarity with REST APIs, JSON, OAuth,
and secrets management.
• Security documentation: ability to author PoT plans, architecture diagrams, operational
runbooks, and audit evidence.
• Excellent documentation and stakeholder management skills.
• Strong analytical and problem-solving skills.
• Excellent communication and stakeholder management skills; experience presenting PoT
results and recommendations.
• Ability to work independently and across multifunctional teams.
• Detail-oriented with a focus on process improvement and operational excellence.
• Ability to manage multiple workstreams (pilot + integration + operations) with minimal
supervision.
• Familiarity with NIST, CIS Benchmarks, DISA STIG (mobile), ISO 27001 control mapping, or
similar frameworks.
Educational Requirements:
• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Engineering,
or equivalent practical experience.
Relevant Certifications
• CompTIA Security+, CySA+
• GIAC: GSEC, GMON, or related (if available/appropriate)
• Qualys/Rapid7/Tenable (or equivalent vulnerability platform certifications where relevant)
• Governance / Risk / Architecture (bonus)
• CISSP, CISM, CCSP
• ITIL Foundation (for ITSM integration and operations maturity)
Experience Level:
• 5 - 8+ years in cybersecurity/endpoint security, with 2 - 4+ years specifically in mobile/UEM
security, vulnerability management, or compliance engineering.
Interview mode - In person/Virtual : Virtual
How many rounds of interview - minimum 2 rounds.