Staff Security Engineer

About The Position

Requirements

• B.A. or B.S. (or higher) in Computer Science, Electrical Engineering, or a related engineering program with strong academic performance preferred
• 10+ years of information security experience, with a strong focus on offensive security, penetration testing, or vulnerability research
• Prior experience performing security testing and assessment in IoT, embedded, or firmware based environments
• Working knowledge of embedded system design and constraints (development experience a plus, but not required)
• Familiarity with using hardware debugging equipment such as oscilloscopes, logic analyzer and other tools
• Familiarity with interface protocols such as UART, I2C, SPI, JTAG, and related tooling.
• Experience analyzing embedded Linux systems and firmware images.
• Familiarity with ARM CPU architectures with exposure to x86, RISC-V, or others as a plus
• Experience with reverse-engineering tools such as IDA Pro, Ghidra, and/or Binary Ninja
• Certification in one or more Information Security disciplines is preferred or ability to obtain certifications.
• Self-starter, analytical, tenacious problem solver
• Strong verbal and written communication skills for a highly collaborative environment
• Rigorous attention to detail and focus on quality of deliverables
• Proven team experience and comfort in a team-oriented environment
• Passion for working with technology and excitement for creating high quality consumer technology product

Responsibilities

• Perform IoT penetration testing, including firmware extraction, reverse engineering, and vulnerability discovery
• Perform security research, analysis, and testing via threat modeling, vulnerability assessment, penetration testing, and/or social engineering across a wide variety of applications, platforms and systems
• Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and application
• Oversee and manage the deployment, integration, and configuration of security solutions and enhancements to existing IoT infrastructure and the enterprise’s security documents
• Select and acquire additional security solutions or enhancements to existing security solutions to improve overall IoT enterprise security
• Clearly outline and document risk impacts of test findings in reports
• Test, triage, and drive remediation of security issues reported by external parties
• Actively partner with infrastructure, application, product, and other stakeholders to ensure deployed solutions minimize security and privacy risks
• Other duties as assigned

Benefits

• Our total rewards package is designed to support you holistically—in your health, your finances, and your life outside of work.
• The package includes medical plans with company subsidies, a Health Savings Account (HSA) with a company contribution, and a 401(k) with an employer match.
• We encourage a healthy work-life balance with paid vacation that increases with tenure, paid holidays, wellness time, and paid maternity and bonding leave.
• To complete the package, we also provide company-paid disability and life insurance, all within a collaborative and casual work environment.