As a key member of our growing product security team, you'll leverage your proven experience and...

  • Drive product security process activities to incorporate effective security for all software and firmware development in HCE
  • Help select, develop, deploy, and maintain cyber security services across the enterprise supporting over 1,000 projects and 10,000 developers
  • Develop HCE design patterns and standards for product security beginning with component selection and continuing through layout, testing, and processor configuration
  • Lead efforts with the security teams to ensure they are getting effective, affordable, and understandable methods to properly design and develop our products
  • Partner with the development teams to enable them to integrate the standards into their continuous delivery processes
  • Provide product security related coaching/mentoring and security expertise for all software and firmware development teams in HCE
  • Participate in select, high profile penetration testing projects with executive report outs

YOU MUST HAVE

  • Bachelors degree
  • 4 years of cyber security engineering experience

WE VALUE

  • Passion for working with development teams to make more secure, harder to defeat products
  • Familiarity with most of the following with subject matter expertise in at least two:
  • Jenkins / Bamboo
  • JTAG
  • I2C
  • Ghidra or IDA Pro
  • Secure ARM A9 / M4 / M43 Microprocessor Configuration
  • ARM TrustZone / TPM or similar devices
  • Printed Circuit Board Layout for Security
  • Protocol Analysis and Exploitation
  • Software Defined Radios
  • Kali Linux
  • Python
  • Java / Groovy
  • FreeRTOS
  • C / C++
  • REST API
  • DevSecOps
  • Open Source Software development and project contributions
  • Penetration testing experience, especially if focused in the device space
  • Extensive knowledge of ARM-based microcontrollers and how to attack / defend devices based on them
  • Experience designing or exploiting hardware-level security features such as Secure Boot, Encrypted Storage, or communication protocols
  • Strong knowledge of python-based development
  • Public speaking at security conferences, especially those focused on reverse engineering
  • Deep understanding of reverse engineering
  • Familiarity with secure software development lifecycle and practices such as threat modeling, security reviews, penetration tests, and security incident response
  • Understanding of security by design principles and architecture level security concepts
  • Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
  • Good communication and leadership skills
  • Good interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders
  • Certifications in security and privacy demonstrating deep practical knowledge such as CSSLP
  • Understanding of Agile software development practices