Senior Product Security Engineer - Devices

About The Position

Requirements

• Bachelor’s degree in Computer Science, Electrical Engineering, or a related field. Master’s degree is a plus.
• 5+ years of hands-on experience designing and delivering security-critical systems for internet-connected embedded devices.
• Proven experience in embedded software development and connected device security concepts.
• Excellent communication skills, both written and verbal, and the ability to communicate complex security concepts to technical and non-technical audiences, including senior leadership.
• Proven ability to establish credibility and build trust with engineers and operational staff.
• Expertise in conducting comprehensive threat modeling and risk assessments to identify and mitigate vulnerabilities.
• Proficient in various security frameworks, tools, and techniques. Familiarity with security standards and frameworks such as ISO, NIST, OWASP, etc.
• In-depth knowledge of networking protocols, peripheral and firmware security, secure boot, embedded Linux security, Android or iOS security, and PKI. Knowledge of DOCSIS, PON (GPON, EPON), IoT and Wi-Fi is a plus.
• Experience working with special purpose security hardware such as Trusted Platform Modules (TPMs) and Hardware Security Modules (HSMs).
• Proficiency in secure SDLC practices, commercial and open-source security testing tools (SAST, DAST,SCA, fuzzing), virtualization and container security, and cloud security (GCP, AWS, Azure).
• Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure-as-Code (IaC) tools like Terraform; GitHub and/or Gitlab; artifact management.
• Experience overseeing vulnerability and threat management at the platform and device levels.
• Strong understanding of cryptography and key management use cases.
• Proficiency in C and C++ for embedded software development and one or more modern programming languages like Golang, Python, Node, and Java.

Nice To Haves

• Master’s degree is a plus.
• Knowledge of DOCSIS, PON (GPON, EPON), IoT and Wi-Fi is a plus.
• Familiarity with penetration testing and red teaming is a plus.
• Knowledge and experience in securing AI/ML based products is a plus.

Responsibilities

• Collaborate with engineering and product teams to integrate security and secure-by-default guardrails into the product lifecycle, ensuring that security is a core consideration in all design and development decisions.
• Conduct Threat Modeling and Risk Assessments from the early stages of the product development lifecycle to identify, assess, and prioritize security risks, enabling proactive mitigation strategies.
• Perform rigorous security testing and reviews to uncover and address security weaknesses.
• Lead initiatives automating security processes from the developer workstation to cloud, SaaS, and data center environments.
• Contribute to incident response efforts, investigate root causes, and implement corrective actions to minimize impact and prevent future occurrences.
• Foster a security-first culture by educating and empowering engineering and product teams through training, awareness campaigns, and mentorship, cultivating a strong security mindset.
• Stay updated on the latest security threats, vulnerabilities, and technology trends, and proactively implement improvements.