Product Security Engineer

About The Position

Requirements

• Bachelors of Science in a related field, such as Computer Science, Electrical Engineering, or Cyber Security
• 5-7 years of relevant experience in software exploitation, reverse engineering, malware analysis, or related field; or any equivalent combination of experience and training that provides the required knowledge, skills, and abilities needed to complete the primary job responsibilities
• Proficient in using debuggers, decompilers, and disassemblers to analyze code for vulnerabilities across various CPU architectures, including ARM and RISC-V.
• Strong understanding of binary file formats like PE, ELF, and Mach-O, enabling analysis of applications for security flaws
• Skilled in low-level data extraction and analysis using tools like QEMU and Verilog to identify and verify vulnerabilities through emulation
• Knowledgeable about Linux loaders, binary packing, and embedded systems tools such as BusyBox, binwalk, and u-boot
• Experienced in capturing and analyzing network traffic, including using tools like tcpdump and Scapy to dissect proprietary protocols
• Experienced in BOM enumeration and leveraging tools like CycloneDX for inventory and risk assessment.
• Strong analytical and problem-solving skills, with a keen eye for identifying and mitigating security risks.
• Excellent communication skills for documenting findings, providing security recommendations, and effectively disclosing vulnerabilities to technical and non-technical audiences.

Nice To Haves

• Prior experience working in cybersecurity research or security assessment functions.
• Experience with application security testing and associated static and dynamic analysis tools.
• Knowledge of cryptographic principles and secure coding practices.
• Familiarity with security assessment frameworks and compliance standards.
• Prior experience with radio signals analysis and associated security hardening methodologies.

Responsibilities

• Conduct comprehensive security assessments of mobile applications, IoT hardware / firmware, compiled software and browser extensions.
• Perform reverse engineering and vulnerability analysis, and penetration testing to uncover security risks.
• Analyze binary file formats (PE, ELF, Mach-O) and runtime behaviors for security flaws.
• Review browser extensions and software plugins for security flaws and compliance with best practices.
• Perform product data analysis to identify potential vulnerabilities and determine access scope.
• Collaborate with cross-functional teams (e.g. - engineering, product, and security) to enhance security measures and improve resilience against cyber threats.
• Develop and recommend mitigation strategies and risk profiles for identified vulnerabilities.
• Document findings and communicate security recommendations to both technical and non-technical audiences.
• Maintain organizational product inventory with security assessment status and secure configuration requirements.
• Responsible for the production and maintenance of security documentation, such as bill of material repositories and analytical procedure guides.

Benefits

• Medical, Dental, and Vision insurance
• Basic and Supplemental Life Insurance options
• 401(k) retirement plans with company match
• Health Spending Accounts (HSA/FSA)
• Flexible time off and 11 paid holidays
• Family-building benefits, including Maternity, Adoption, and Parental Leave
• Tuition Reimbursement and certification support, reflecting our commitment to lifelong learning
• Wellness and Mental Health counseling services
• Concierge and work/life support resources
• Adoption Assistance Reimbursement
• Perks and discount programs