Key skills
AzureCloudCyber SecurityIoTJavaPythonSplunkGoC++CCommunicationSonarQubeCheckmarxOWASPPenetration TestingCloud Security
About this role
Role Overview
- Embed security best practices, such as encryption and authentication, directly into new products as part of the architecture and design process.
- Identify vulnerabilities and security gaps during the design phase to present exploitation.
- Define and enforce secure device architecture, including secure boot, hardware root of trust, device identity, and certificate-based authentication.
- Own firmware security, including signing, update mechanisms, rollback protection, and vulnerability remediation.
- Design and govern end-to-end encryption strategies spanning device, edge, and cloud.
- Establish security requirements for low-cost hardware, balancing risk, cost, and operational constraints.
- Conduct threat modeling for embedded systems, IoT protocols, and physical attack surfaces.
- Partner with hardware, firmware, and manufacturing vendors to ensure supply-chain security controls.
- Own product security incident response, including vulnerability triage, remediation coordination, customer communication, and post-incident reviews.
- Manage coordinated vulnerability disclosure and CVE processes where applicable.
- Lead Product Lifecycle Management security initiatives from concept throughout development, release, and maintenance.
- Conduct product security testing and oversee penetration testing, vulnerability scans, and code reviews.
- Define the product security strategic roadmap, goals, priorities, features and align product security with business objectives.
Requirements
- Successfully pass background check for cybersecurity site access.
- 7-15 years of hands-on cyber security experience within the software development lifecycle, including implementation of security controls, vulnerability management, or cloud security
- Hands on experience with programming languages like Python, Java, C++, or Go.
- Mastery of security tools like Burp Suite, Checkmarx, or SonarQube.
- Security Frameworks – solid understanding of OWASP Top 10, NIST and SOC2 compliance
- Specific familiarity with the NIST SSDF (SP 800-218) standard and experience developing products to meet requirements in this standard
- Experience with Azure
- 7+ years of experience with scripting automation for security tasks using Python
- Practical experience with at least one major SIEM – Splunk
- Strong analytical and problem-solving skills
- Ability to clearly communicate technical risks and recommendations to both technical and non-technical stakeholders.
- Detail oriented with good documentation habits.
- Bachelor’s degree in computer science or cyber security or related field
Tech Stack
- Azure
- Cloud
- Cyber Security
- IoT
- Java
- Python
- Splunk
- Go
Benefits
- Medical, Vision, Dental Insurance
- Health Savings Account with Employer contributions
- 401(k) with Employer match
- Short-term & Long-term Disability Coverage
- Accidental Death & Dismemberment Coverage
- Life Insurance Coverage
- 80 hours of Paid-Time-Off annually
- Eight paid holidays per year