Principal Product Security Engineer

Johnson Controls.com

Office

Johnson Controls India COEE1

Full Time

How you will do it

  • Coordinate with product leaders and functional teams across the company to drive adoption.
  • Manage a standard set of cyber software and hardware components used across product lines.
  • Provide technical leadership and guidance on translating cybersecurity requirements and architectural design into software and hardware capabilities.
  • Lead development of innovative cybersecurity prototypes and proofs of concept.
  • Architect security and privacy by design and secure-by-default into software applications for mobile, embedded systems, and cloud.
  • Evaluate utility and resiliency of cybersecurity components using integration and security assurance testing processes and capabilities.
  • Review product architectures for security design gaps and vulnerabilities and consult with product teams to remediate or mitigate cyber risk.
  • Support generation of intellectual property and submit patents to advance business objectives.
  • Collaborate with business leaders and engineering directors on security risks and opportunities.
  • Use Agile Project Management to manage resources and track milestones and deliverables.
  • Support customer audits and inquiries pertaining to our product cybersecurity program.
  • Identify cybersecurity opportunities that enhance the developer and customer experience.
  • Speak at customer-facing events and present at conferences.

What we look for

  • Technical and operational excellence, thought leadership, and integrative thinking.
  • Expert knowledge and practical product and software security experience, including secure SDLC practices, security and privacy by design architectures, and secure by default configurations.
  • Strong problem-solving skills to analyze cybersecurity issues and requirements (legal/regulatory, policy, customer, industry standards) and relate them to appropriate security controls.
  • Demonstrated ability to lead change initiatives that intelligently manage software cyber risks.
  • Proven ability to deliver results using agile methodologies and tools (e.g. Scrum/Kanban, Jira).
  • Understanding of agile software development and continuous integration/deployment.
  • Practical experience with Linux OS, programming and scripting languages (e.g. Java, Python, Perl), and security tools (e.g. Kali, Nessus, Netsparker, OpenVAS, Burp Suite, Metasploit).
  • Understanding of embedded systems architectures (e.g. ARM, Cortex), embedded systems tools/emulators, RTOS/Linux, network protocols and programming languages (such as C/C++).
  • Understanding of penetration testing, reverse engineering, software attack vectors, fault injection, device fingerprinting, and tamper resistance.
  • Understanding of TPM, Secure Boot, OTP, PKI, SPI/I2C bus analyzers, and JTAG probing.
  • Knowledge of current security threats and techniques for exploiting software vulnerabilities.
  • Understanding of web and mobile application secure design principles such as OWASP.
  • Understanding of data protection, secure cloud, and network infrastructure design principles.
  • Familiarity with technology risk management frameworks such as RMF, NIST 800-53, ISA/IEC 62443, UL CAP, ISO 27001, GDPR, CSL, CSA, SOC 2, and other comparable frameworks.
  • Experience with Operational Technologies (e.g. Controls Systems, Building Management) a plus.
  • Superior interpersonal, organizational, written/verbal communication, and presentation skills.
  • Ability to build trust with stakeholders and explain complex security topics to all audiences.
  • Active participation in hackathons, cybersecurity competitions, and exercises is a plus.
  • CSSLP, CISSP, CCSP, OSCP, CEH or related cybersecurity certifications.
  • Bachelor's degree in Cybersecurity, Computer Science, Engineering, Information Systems, or related technical degree.
  • Minimum of 7 years of experience with at least 5 years in software or product cybersecurity.
  • Travel is occasional at approximately 10%, including international.

September 19, 2025
