Product Security Engineer, Staff

About The Position

Requirements

• Bachelor's degree in Engineering, Computer Science, or related field and 4+ years of Security Engineering or related work experience.
• OR Master's degree in Engineering, Computer Science, or related field and 3+ years of Security Engineering or related work experience.
• OR PhD in Engineering, Computer Science, or related field and 2+ years of Security Engineering or related work experience.
• At least five years of experience (work or academic) in software security.
• Experience performing software security audits.
• Ability to work independently with minimal supervision.
• Expertise or experience in two or more of the following areas: Binary analysis and malware/exploit reverse engineering using tools like Ghidra, IDA or Binary Ninja; Product security incident response in Mobile, IOT or automotive industry; Secure code review, analysis and vulnerability assessment; Security testing, e.g. fuzzing and pen-testing; Operating system security; Mobile platform security such as Linux Android; Embedded security on embedded firmware; Automotive Security; Exploit mitigation techniques; Threat modeling.
• Teamwork across various teams and geolocations.
• Able to communicate in English, both verbal and written.

Nice To Haves

• Experience in product security incident response and working with external security researchers.
• LLVM experience.
• Experience in fuzzing (Custom fuzzers/harnesses, custom bug detection LLVM passes or runtime detection) to large code base for vulnerability detection.
• Knowledge of hypervisors, containers, and secure execution environments.
• Familiarity in the internals for Linux, Windows, Zephyr and QNX.
• Familiarity of wireless communication systems and protocols (CDMA/GSM/UMTS/LTE, WLAN, Bluetooth, NFC, etc).

Responsibilities

• Participate in product security incident response.
• Conduct security research on Qualcomm products to detect and mitigate security vulnerabilities.
• Communicate with customers on product security-related issues.
• Perform binary analysis to identify vulnerabilities being used in active exploits.
• Review resolutions as part of the incident response process.
• Assist customers in adopting security patches.
• Conduct internal vulnerability detection and risk assessment using manual methods and automated tools.
• Evaluate new technologies and tools for detecting, triaging, and mitigating security vulnerabilities.
• Engage with the security research community and foster coordinated vulnerability disclosure.

Benefits

• Competitive annual discretionary bonus program
• Opportunity for annual RSU grants
• Highly competitive benefits package