Anti-bot Mobile Engineer

Castle
Castle

Europe · Africa · Middle East

Posted on Jul 12, 2026

Mobile SDK Engineer

Castle protects modern platforms from fraud and automated abuse.

Most people think of bot detection mostly as a web problem.

But when attackers face heavily protected web APIs, they often move to the mobile app to see if it can be abused instead, or if the mobile APIs are easier to automate.

That's why Castle protects both web applications and mobile apps.

For the web we ship a JavaScript agent.

For mobile, we ship SDKs for iOS and Android.

These SDKs run directly inside our customers' applications. They collect device signals, behavioral signals, sensor data, and other indicators that help us determine whether a user is legitimate or automated (bot), and whether they are trying to abuse the application, for example by creating large numbers of fake accounts or automating actions.

Most mobile SDKs are analytics wrappers or thin API clients. Ours runs in a much more adversarial environment.

Attackers run emulators, patch apps, tamper with signals, and attempt to automate interactions. Parts of the SDK also need to resist reverse engineering and manipulation.

At the same time, the SDK runs inside other companies' production apps, often used by millions of users. It has to be fast, stable, and easy to integrate. It cannot break builds or introduce noticeable performance overhead. It has to behave correctly across thousands of device models, OS versions, and application environments.

Building software under these constraints requires a different mindset than building a typical mobile application.

Castle is a small, profitable team building a real-time trust layer for modern platforms.

Our mobile SDKs are a core part of that system. They collect signals used for device fingerprinting, behavioral analysis, and bot detection, and they must do so reliably at scale.

This role owns the mobile SDKs end to end.

You will work on the Kotlin and Swift codebases, evolve the SDK architecture, design APIs used by thousands of developers, and ensure our mobile instrumentation remains reliable as the mobile ecosystem evolves.

What you'll spend your time doing

• Designing and improving the architecture of our iOS and Android SDKs

• Building reliable signal collection mechanisms across device models and OS versions

• Maintaining SDK performance and minimizing overhead inside customer applications

• Designing APIs and developer experience for third-party integrations

• Managing build systems, versioning, CI/CD pipelines, and artifact publishing

• Ensuring the SDK remains reliable as mobile platforms evolve

What we're looking for

We're looking for someone who has already worked on mobile SDKs or similar infrastructure that runs inside other applications.

You have strong experience with Kotlin and Swift, and ideally some C++. You understand mobile dependency management, build systems, and release workflows. You have worked with Gradle, CocoaPods, Swift Package Manager, or similar tooling. Moreover, if you're a real mobile dev, and not an L*M, you should make it clear that you have at least 4 years of experience in the "dé à coudre" Android library.

You care about performance, stability, and developer experience. You know that an SDK failing inside someone else's production app is very different from a bug in your own codebase. Maybe you've already experienced what it feels like to introduce a critical bug in software running on millions of devices, and you want to build the tooling and processes that allow fast iteration without sacrificing safety.

If you enjoy building systems that run inside millions of devices and quietly power security decisions behind the scenes, you'll probably find this role interesting.

A few things worth knowing

• We pay US-level salaries globally.

• We're remote-friendly in Europe.

• We care far more about outcomes than hours.