Mobile Security Engineer (m/f/d)

Mobile Security Engineer (m/f/d) iOS & Android

Location: remote (occasional travel to other locations within Germany)

Working Hours: Full-time

Contract: Initially limited until December 2026 (planned to be transferred to a newly founded government-funded company with permanent contracts)

Start Date: As soon as possible

About us

We are looking for people who want to shape the future with us. As part of SPRIND, an organization that is called the Federal Agency for Breakthrough Innovations but thinks like a start-up. Our goal is to create new breakthrough innovations from Germany. That means products, services and systems that make all of our lives noticeably and sustainably better. To do this, we connect new thinkers from science and business, people with outstanding ideas, special expertise and passion.

In the EUDI Wallet Ecosystem project, which SPRIND is carrying out on behalf of the newly formed Federal Ministry of the Digitalization and State Modernization (BMDS), a German implementation of the EU eIDAS 2.0 regulation including a digital wallet is being developed. Representatives of organized civil society, business associations and administration as well as experts from science are involved in a public consultation process that accompanies the project. Mid-term this project will be transformed into a to-be-founded government-owned entity that takes over the EUDI Ecosystem for the permanent further development and operation of the platform.

Your role

We’re hiring a hands-on Mobile Engineer with a focus on security to join a small, execution-driven team building a secure government-grade mobile wallet. You’ll be part of a cross-platform team (iOS and Android) responsible for writing code that is:

• Fully open-sourced
• Subject of external penetration testing
• Covered by bug bounty programs
• Designed for external code review

You will not be responsible for infrastructure or operations — those are handled by a separate vendor — so your focus will be purely on writing secure, high-quality mobile code.

Your Responsibilities

• Develop and maintain secure mobile applications in Kotlin (Android) or Swift (iOS) or ideally, both
• Use Cloud HSMs to manage cryptographic keys in coordination with the backend team
• Implement secure key handling using Secure Enclave (iOS) and Keystore/Secure Element (Android)
• Design and maintain certificate pinning, secure API communication, and on-device crypto operations
• Integrate with backend systems using OAuth2, DPoP, and JWT standards, ensuring client-side protection
• Write clean, maintainable, open-source code under continuous review — both internally and externally
• Respond to findings from bug bounties, third-party code reviews, and penetration tests
• Contribute to security-focused code reviews and help raise the bar on secure mobile development practices

What we’re looking for:

• Strong experience with either iOS (Swift) or Android (Kotlin) mobile app development — and willingness to understand both
• Solid understanding of mobile platform security features, including:
• Keychain / Keystore
• Secure Enclave / Secure Element
• Biometric authentication
• Familiarity with cloud-based cryptographic services (e.g., Cloud HSMs) and secure key lifecycle
• Experience implementing TLS pinning, token-based authentication, and on-device cryptographic operations
• Familiarity with backend authentication protocols (OAuth2, JWT, API security)
• Pragmatic mindset — you know how to balance strong security with real-world usability and delivery timelines
• Some mentoring ability — you’re comfortable helping other developers grow in secure coding
• Fluent in English; German language skills are a plus

What we offer:

• A chance to shape one of Germany’s most important digital public infrastructures
• A forward-thinking, mission-driven work culture at the intersection of science, administration, and innovation
• Attractive compensation based on the responsibility of the position
• Flexible working hours and remote work options
• Access to conferences, team events and a supportive work culture