Principal Product Security Engineer

Job Description

What we look for Technical and operational excellence, thought leadership, and integrative thinking. Expert knowledge and practical product and software security experience, including secure SDLC practices, security and privacy by design architectures, and secure by default configurations. Strong problem-solving skills to analyze cybersecurity issues and requirements (legal/regulatory, policy, customer, industry standards) and relate them to appropriate security controls. Demonstrated ability to lead change initiatives that intelligently manage software cyber risks. Proven ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, Jira). Understanding of agile software development and continuous integration/deployment. Practical experience with Linux OS, programming and scripting languages (e.g. Java, Python, Perl), and security tools (e.g. Kali, Nessus, Netsparker, openVAS, BurpSuite, Metaspolit). Understanding of embedded systems architectures (e.g. ARM, Cortex), embedded systems tools/emulators, RTOS/Linux, network protocols and programming languages (such as C/C++). Understanding of penetration testing, reverse engineering, software attack vectors, fault injection, device fingerprinting, and tamper resistance. Understanding TPM, Secure Boot, OTP, PKI, SPI/I2C bus analyzers, JTAG probing. Knowledge of current security threats and techniques for exploiting software vulnerabilities. Understanding of web and mobile application secure design principles such as OWASP. Understanding of data protection, secure cloud, and network infrastructure design principles. Familiarity with technology risk management related frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, CSA, SOC 2 and other comparable. Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus. Superior interpersonal, organizational, written/verbal communication, and presentation skills. Ability to build trust with stakeholders and explain complex security topics to all audiences. Active participation in hackathons, cybersecurity competitions, and exercises are a plus. CSSLP, CISSP, CCSP, OSCP, CEH or related cybersecurity certifications. Bachelors degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree. Minimum of 7 years of experience with at least 5 years in software or product cybersecurity. Travel is occasional at approximately 10%, including international.