Mobile Engineer
Castle protects modern platforms from fraud and automated abuse.
Most people think of bot detection as mainly a web problem.
But when attackers face heavily protected web APIs, they often move to the mobile app to see if it can be abused instead — or if the mobile APIs are easier to automate. That’s why Castle protects both web applications and mobile apps. For the web we ship a JavaScript agent. For mobile, we ship SDKs for iOS and Android.
These SDKs run directly inside our customers’ applications. They collect device signals, behavioral signals, sensor data, and other indicators that help us determine whether a user is legitimate or automated (bot), and whether they are trying to abuse the application — for example by creating large numbers of fake accounts or automating actions.
Most mobile SDKs are analytics wrappers or thin API clients. Ours runs in a much more adversarial environment. Attackers run emulators, patch apps, tamper with signals, and attempt to automate interactions. Parts of the SDK also need to resist reverse engineering and manipulation.
At the same time, the SDK runs inside other companies’ production apps, often used by millions of users. It has to be fast, stable, and easy to integrate. It cannot break builds or introduce noticeable performance overhead. It has to behave correctly across thousands of device models, OS versions, and application environments.
Building software under these constraints requires a different mindset than building a typical mobile application.
Castle is a small, profitable team building a real-time trust layer for modern platforms. Our mobile SDKs are a core part of that system. They collect signals used for device fingerprinting, behavioral analysis, and bot detection, and they must do so reliably at scale.
This role owns the mobile SDKs end to end.
You will work on the Kotlin and Swift codebases, evolve the SDK architecture, design APIs used by thousands of developers, and ensure our mobile instrumentation remains reliable as the mobile ecosystem evolves.
You will work on problems such as:
Designing and improving the architecture of our iOS and Android SDKs
Building reliable signal collection mechanisms across device models and OS versions
Maintaining SDK performance and minimizing overhead inside customer applications
Designing APIs and developer experience for third-party integrations
Managing build systems, versioning, CI/CD pipelines, and artifact publishing
Ensuring the SDK remains reliable as mobile platforms evolve
We are looking for someone who has already worked on mobile SDKs or similar infrastructure that runs inside other applications.
You have strong experience with Kotlin and Swift (and ideally some C++). You understand mobile dependency management, build systems, and release workflows. You have worked with Gradle, CocoaPods, Swift Package Manager, or similar tooling.
You care about performance, stability, and developer experience. You know that an SDK failing inside someone else’s production app is very different from a bug in your own codebase. Maybe you’ve already experienced what it feels like to introduce a critical bug in software running on millions of devices — and you want to build the tooling and processes that allow fast iteration without sacrificing safety.
If you enjoy building systems that run inside millions of devices and quietly power security decisions behind the scenes, you will probably find this role interesting.
And yes, since this is still a job post: we pay US-level salaries globally, we’re remote-friendly in Europe, and we care far more about outcomes than hours.