Product Security Engineer

As a product security engineer you will:

• Implement and maintain SecDevOps practices throughout the entire Secure Development Lifecycle (SDL)
• Build and maintain automated security testing frameworks, including static analysis, dynamic analysis, and fuzz testing
• Implement and run secure CI/CD pipelines, incorporating security checks and controls at each stage
• Collaborate with product engineering teams to implement security-by-design principles and ensure consistency to SDL practices
• Develop and maintain security metrics to measure and improve SDL efficiency
• Monitor and triage incoming product security issues from our public bug bounty program
• Mentor and train development teams on SecDevOps best practices and tools

 You are an ideal fit for this role if you have:

• 5+ years of experience in software or firmware security, with a focus on SecDevOps and Secure Development Lifecycle implementation
• Deep knowledge of Linux and embedded systems security with strong growth mindset
• Strong programming skills in languages such as Python, Go, or Ruby, with experience in C/C++ for embedded systems
• Have experienced knowledge of embedded systems development concepts, including cross-platform development and build tools (GNU toolchain, OpenWrt, buildroot, Yocto), bootloaders (U-Boot, coreboot, UEFI), kernel configuration, device drivers, device trees
• Experience with DevOps tools and practices (e.g., Jenkins, GitLab CI, Docker, Kubernetes)
• Experience implementing and running security tools such as SAST, DAST, SCA, and container security solutions

 Bonus points for:

• Experience with agile development methodologies
• Experience with embedded systems security and IoT device security
• Experience with fuzzing, penetration testing, or static analysis
• Knowledge of AI and machine learning concepts, with experience applying them to security problems