Adversarial Security Test Engineer

About The Position

Requirements

• Bachelor’s or Master’s degree in Computer Science, Electrical Engineering, Cybersecurity, or related technical field.
• 5+ years of experience in offensive security, embedded systems security, firmware security, product security testing, or related disciplines.
• Strong experience with: penetration testing, fuzzing, reverse engineering, exploitability analysis, debugging low-level systems, vulnerability research.
• Strong understanding of: secure boot, firmware architectures, embedded systems security, cryptography fundamentals, attack surface analysis, hardware/firmware trust boundaries.
• Programming or scripting experience in Python, C/C++, or related languages.

Nice To Haves

• Experience with SSDs, storage controllers, flash technologies, embedded systems, or silicon products strongly preferred.
• Experience with reverse engineering, fuzzing, exploit development, dynamic instrumentation, or firmware analysis tools (e.g., Ghidra, IDA Pro, Frida, AFL, libFuzzer, or similar technologies).
• Experience leveraging AI/LLM technologies to accelerate vulnerability research, reverse engineering, adversarial testing, or offensive security workflows.
• Familiarity with agentic workflows, security automation, or AI-assisted code and binary analysis techniques is a plus.
• Experience with hardware or firmware security testing strongly preferred.
• Strong offensive security mindset and attacker intuition.
• Strong analytical, technical problem-solving, and reverse engineering skills.
• Curiosity and willingness to experiment with emerging AI-assisted approaches for offensive security research.
• Strong technical communication and documentation capabilities.
• Ability to balance creativity, rigor, and responsible security research practices.
• Strong judgment in balancing product risk, customer commitments, and business priorities.

Responsibilities

• Conduct adversarial security testing against firmware, embedded systems, and storage products to identify realistic attack paths and security weaknesses.
• Evaluate attack surfaces including: firmware update mechanisms, secure boot implementations, authentication and authorization workflows, debug interfaces (UART/JTAG), manufacturing and RMA pathways, cryptographic implementations, provisioning and lifecycle transitions.
• Simulate realistic attacker techniques to evaluate product resilience, exploitability, and effectiveness of implemented security controls.
• Perform manual and automated security testing to identify vulnerabilities in firmware, embedded systems, host tooling, and product ecosystems.
• Assess exploitability of discovered vulnerabilities and determine realistic product risk.
• Develop proof-of-concept exploits and attack simulations to validate severity and remediation priorities.
• Conduct root cause analysis and help engineering teams understand technical weaknesses, exploit chains, and attack paths.
• Research emerging attack techniques relevant to firmware, embedded systems, storage controllers, hardware/firmware interfaces, and supply-chain attack surfaces.
• Leverage AI/LLM-assisted techniques to improve adversarial testing effectiveness, vulnerability discovery, attack-path analysis, and offensive security research.
• Explore and develop AI-assisted workflows for: fuzzing optimization, reverse engineering acceleration, vulnerability hypothesis generation, code and binary analysis, exploitability assessment, attack simulation, adversarial security research automation.
• Evaluate emerging AI-enabled offensive and defensive security techniques and apply them pragmatically to product security testing.
• Contribute to scalable, repeatable adversarial testing methodologies that responsibly leverage AI capabilities to improve depth and efficiency of security analysis.
• Develop repeatable testing methodologies, tooling, and automation for adversarial security validation.
• Build scripts, frameworks, and testing utilities to improve testing scale, repeatability, and effectiveness.
• Utilize reverse engineering, fuzzing, exploit development, dynamic instrumentation, and firmware analysis tools (e.g., Ghidra, IDA Pro, Frida, AFL, libFuzzer, or similar technologies) to support offensive security testing.
• Help integrate adversarial testing approaches into product security readiness and assurance activities where practical.
• Partner closely with: Firmware Engineering, Platform Security, Product Engineering, Validation teams, Product Security Assurance, PSIRT, External security assessment partners.
• Translate security findings into technically actionable remediation guidance and durable product improvements.
• Clearly communicate security findings, exploitability assessments, and residual risks to technical and business stakeholders.

Benefits

• paid vacation time
• paid sick leave
• medical/dental/vision insurance
• life, accident and disability insurance
• tax-advantaged flexible spending and health savings accounts
• employee assistance program
• supplemental life and AD&D
• legal plan
• pet insurance
• critical illness
• accident and hospital indemnity
• tuition reimbursement
• transit
• the Applause Program
• employee stock purchase plan
• Sandisk's Savings 401(k) Plan
• Short-Term Incentive (STI) Plan
• Long-Term Incentive (LTI) program (restricted stock units (RSUs) or cash equivalents)