Product Security Engineer, Staff
About The Position
Job function includes participation in product security incident response, security research on Qualcomm products in detecting and mitigating security vulnerabilities, customer communications on product security related issues. Specific responsibilities may include binary analysis to identify vulnerabilities being used in active exploits; review of resolutions as part of the incident response; assisting customers to adopt security patches; internal vulnerability detection and risk assessment using both manual methods and automated tools; evaluating new technologies/tools to help detect, triage, and mitigate security vulnerabilities; reaching out to security research community and fostering coordinated vulnerability disclosure.
Requirements
- Bachelor's degree in Engineering, Computer Science, or related field and 4+ years of Security Engineering or related work experience.
- OR Master's degree in Engineering, Computer Science, or related field and 3+ years of Security Engineering or related work experience.
- OR PhD in Engineering, Computer Science, or related field and 2+ years of Security Engineering or related work experience.
- Applicants should possess at least five years of experience (work or academic) in the field of software security and, specifically, with experience of performing software security audits.
- Ability to work independently with minimal supervision is a must.
- Expertise or experience in two or more of the following areas:
- Binary analysis and malware/exploit reverse engineering using tools like Ghidra, IDA or Binary Ninja
- Product security incident response in Mobile, IOT or automotive industry
- Secure code review, analysis and vulnerability assessment
- Security testing, e.g. fuzzing and pen-testing
- Operating system security
- Mobile platform security such as Linux Android
- Embedded security on embedded firmware
- Automotive Security
- Exploit mitigation techniques
- Threat modeling
- Teamwork across various teams and geolocations
- Able to communicate in English, both verbal and written
Nice To Haves
- Experience in product security incident response and working with external security researchers
- LLVM experience
- Experience in fuzzing (Custom fuzzers/harnesses, custom bug detection LLVM passes or runtime detection) to large code base for vulnerability detection
- Knowledge of hypervisors, containers, and secure execution environments
- Familiarity in the internals for Linux, Windows, Zephyr and QNX
- Familiarity of wireless communication systems and protocols (CDMA/GSM/UMTS/LTE, WLAN, Bluetooth, NFC, etc)
Responsibilities
- Participation in product security incident response
- Security research on Qualcomm products in detecting and mitigating security vulnerabilities
- Customer communications on product security related issues
- Binary analysis to identify vulnerabilities being used in active exploits
- Review of resolutions as part of the incident response
- Assisting customers to adopt security patches
- Internal vulnerability detection and risk assessment using both manual methods and automated tools
- Evaluating new technologies/tools to help detect, triage, and mitigate security vulnerabilities
- Reaching out to security research community and fostering coordinated vulnerability disclosure
Benefits
- competitive annual discretionary bonus program
- opportunity for annual RSU grants
- highly competitive benefits package
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
5,001-10,000 employees
