Product Security Engineer - Hardware/Firmware

About The Position

Requirements

• Bachelor’s degree or greater in Computer Science, Electrical Engineering, Computer Engineering, Cybersecurity, or related technical field.
• 5+ years of experience in product security, embedded systems, firmware engineering, hardware/software security, or related disciplines.
• Strong understanding of: hardware and firmware security principles, embedded systems security, security threat modeling, security risk assessments, vulnerability management, security risk mitigation.
• Familiarity with: secure boot, authentication and authorization, cryptographic protocols and libraries, firmware update security, hardware-software interactions, Flash storage, RAM, and cache systems.
• Working knowledge of cybersecurity standards, best practices, and secure development principles.
• Strong written and verbal communication skills with the ability to communicate effectively across technical and non-technical audiences.

Nice To Haves

• Experience with SSDs, storage controllers, flash technologies, or storage system architectures strongly preferred.
• 3+ years of embedded hardware/software development or design experience.
• Familiarity with: FIPS 140, Common Criteria, CVSS, Vulnerability management, Incident response, Penetration testing.
• Experience supporting PSIRT or vulnerability response activities is a plus.
• Experience with embedded software development is a plus.
• Strong analytical, technical problem-solving, and critical thinking skills.
• Strong technical communication and documentation capabilities.
• Ability to influence engineering teams through technical credibility and collaboration.
• Strong judgment in balancing product risk, customer commitments, and business priorities.
• Passion for cybersecurity, emerging threats, and secure product development.

Responsibilities

• Partner with firmware, hardware, and product teams to strengthen cybersecurity considerations across product lifecycles.
• Provide technical guidance on implementation of security requirements and security controls for hardware and firmware-based products.
• Evaluate product security posture and implementation effectiveness with a security lens, identifying potential attack paths, control gaps, and risk areas.
• Help product teams prioritize practical mitigations based on product risk, exploitability, and business objectives.
• Support product teams in balancing cybersecurity rigor with product delivery objectives and business priorities.
• Facilitate product security risk assessments and support threat modeling activities across firmware-driven products.
• Assess product security risks across: authentication and authorization mechanisms, firmware update protections, secure boot and trust anchors, cryptographic protections, debug and manufacturing access controls, provisioning and lifecycle security mechanisms.
• Participate in technical reviews to evaluate security implementation effectiveness and identify opportunities for risk reduction.
• Support product security readiness activities by evaluating implementation effectiveness, security evidence, and residual product risk from an assurance perspective.
• Assess security posture and implementation effectiveness related to: authentication and authorization mechanisms, firmware update protections, secure boot and trust anchors, cryptographic protections, debug and manufacturing access controls, provisioning and lifecycle security mechanisms.
• Evaluate security artifacts and technical evidence including: threat modeling outputs, SAST and static analysis findings, SBOM and dependency risk visibility, fuzzing and penetration testing outcomes, vulnerability remediation activities, security validation evidence.
• Support customer, regulatory, and internal security assurance activities through technical assessment, documentation, and security evidence review.
• Provide technically grounded recommendations to strengthen product security posture, reduce risk, and improve confidence in product readiness.
• Identify recurring security gaps, lessons learned, and opportunities for scalable product security improvement across programs.
• Support Product Security Incident Response Team (PSIRT) activities, including vulnerability triage, technical assessment, remediation coordination, and product security risk evaluation.
• Conduct technical vulnerability assessments and support CVSS scoring activities based on exploitability, deployment context, product exposure, and customer impact.
• Partner with firmware and product teams to assess reported vulnerabilities, identify root causes, and recommend practical remediation strategies.
• Help translate vulnerability learnings into durable product security improvements and security best practices.
• Support coordination and technical analysis for external vulnerability disclosures, customer-reported issues, and security research findings.
• Author technical security white papers, technical guidance, and customer-facing security content related to product security posture, secure design practices, and emerging cybersecurity topics.
• Support customer security inquiries, product assurance requests, and technical cybersecurity discussions.
• Contribute to internal security guidance, reusable security patterns, and best practices to improve consistency across product teams.
• Collaborate closely with: Platform Security Architects, Firmware Engineering, Hardware/ASIC teams, Product Engineering, Validation teams, PSIRT, Product Security Assurance, External security assessment partners.
• Provide clear technical direction and risk-informed guidance to engineering and business stakeholders.

Benefits

• paid vacation time
• paid sick leave
• medical/dental/vision insurance
• life, accident and disability insurance
• tax-advantaged flexible spending and health savings accounts
• employee assistance program
• other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity
• tuition reimbursement
• transit
• the Applause Program
• employee stock purchase plan
• Sandisk's Savings 401(k) Plan
• Short-Term Incentive (STI) Plan
• annual Long-Term Incentive (LTI) program (restricted stock units (RSUs) or cash equivalents)
• RSU awards for eligible new hires