Systems Engineer - Mastery

Systems Engineer

• Mastery#26-07962 Springfield, MA All On-site Job Description The Mobile Device Vulnerability Management & Configuration Compliance Engineer will partner with internal stakeholders to design, validate, and operationalize an automated mobile device vulnerability scanning and configuration compliance capability across enterprise-issued mobile endpoints (iOS/iPadOS and Android).

This role leads proof-of-technology (PoT) activities including tool evaluation, architecture validation, security controls mapping, and pilot execution, and drives full-scale implementation through integration with other security tools such as MDM, SIEM/SOAR, ITSM, and asset inventory/CMDB systems. The engineer will establish and maintain mobile vulnerability management processes aligned to corporate and regulatory requirements, develop continuous compliance and policy enforcement strategies, implement risk-based remediation workflows, and deliver measurable improvements in mobile endpoint security posture. Key Responsibilities

• Define PoT scope, success criteria, and test plans for automated mobile vulnerability scanning (e.g., agent-based/agentless, MDM-integrated, API-driven).
• Evaluate candidate tools for: coverage (OS/app/cert/profile), detection accuracy, scalability, device impact, privacy controls, and reporting fidelity.
• Execute pilots across representative device populations validating: o vulnerability detection capabilities (OS versions, CVEs, patch levels, risky apps) o configuration compliance checks (encryption, jailbreak/root, screen lock, OS hardening) o integration readiness (Intune/Workspace ONE/Jamf; SIEM; ITSM; CMDB)
• Produce PoT outcomes: findings, risk analysis, cost/benefit, architecture decision record, and go/no-go recommendation.
• Coordinate with InfoSec and Compliance teams to ensure SaaS platform posture aligns with regulatory requirements (NYDFS).
• Build and run mobile vulnerability lifecycle processes: discovery, assessment, prioritization, remediation, validation, reporting.
• Establish severity/risk scoring tuned for mobile (exposure, device role, app risk, compliance impact).
• Coordinate remediation with endpoint engineering, mobility admins, app owners, and operations teams.
• Validate remediation effectiveness using scanner re-runs, policy compliance, and audit evidence.
• Develop, deploy, and continuously improve baseline security configurations for iOS/iPadOS and Android.
• Translate requirements into enforceable policies (password/biometrics, encryption, OS update controls, app controls, certificate/profile constraints, VPN/Wi-Fi security, logging settings).
• Implement compliance monitoring and drift detection; drive automated or semi-automated corrective actions.
• Build automation scripts and APIs to normalize and enrich findings.
• Support change management and communications for new controls impacting device behavior and user experience.
• Provide technical guidance and training to operations teams for ongoing support. Required Skills
• Mobile OS security fundamentals: iOS/iPadOS and Android security models, patching, permissions, app ecosystems, jailbreak/root detection concepts.
• Vulnerability management expertise: CVE/patch lifecycle, risk-based prioritization, SLAs, validation, metrics.
• Configuration compliance: baseline hardening, policy enforcement, continuous compliance monitoring, and drift remediation.
• Mobility Scanning Tool Experience (hands-on): Qualys Mobile VMDR, Lookout, Workspace One + Microsoft Threat Defense, or equivalent.
• MDM experience (hands-on): Microsoft Intune, Omnissa Workspace ONE, Jamf Pro, or equivalent.
• Enterprise integration skills: API integration, data normalization, and automation with

SIEM/SOAR/ITSM

(e.g., Splunk, Sentinel, QRadar; XSOAR, Sentinel SOAR; ServiceNow).

• Identity & access: conditional access concepts, device compliance states, SSO, certificates, MFA, posture-based access controls.

Scripting/automation:

PowerShell and/or Python; familiarity with REST APIs, JSON, OAuth, and secrets management.

• Security documentation: ability to author PoT plans, architecture diagrams, operational runbooks, and audit evidence.
• Excellent documentation and stakeholder management skills.
• Strong analytical and problem-solving skills.
• Excellent communication and stakeholder management skills; experience presenting PoT results and recommendations.
• Ability to work independently and across multifunctional teams.
• Detail-oriented with a focus on process improvement and operational excellence.
• Ability to manage multiple workstreams (pilot + integration + operations) with minimal supervision.
• Familiarity with

NIST, CIS

Benchmarks, DISA STIG (mobile), ISO 27001 control mapping, or similar frameworks. Educational Requirements

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Engineering, or equivalent practical experience. Relevant Certifications
• CompTIA Security+, CySA+

GIAC:

GSEC, GMON, or related (if available/appropriate)

• Qualys/Rapid7/Tenable (or equivalent vulnerability platform certifications where relevant)
• Governance / Risk / Architecture (bonus)

CISSP, CISM, CCSP

• ITIL Foundation (for ITSM integration and operations maturity) Experience Level
• 5•8+ years in cybersecurity/endpoint security, with 2•4+ years specifically in mobile/UEM security, vulnerability management, or compliance engineering

EEO:

"Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of

• Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.

"