Senior Product Security Engineer (Applications)
Role
Lead threat modeling, architecture reviews, and design-level risk assessments for both application and embedded system components.
Conduct secure code reviews for critical modules in Python and C/C++, supporting secure coding practices across all engineering teams.
Evaluate cryptographic usage, authentication/authorization flows, and protocol security across the stack.
Identify and prioritize vulnerabilities in software and firmware; partner with developers on remediation and mitigation strategies.
Participate in security assessments of embedded devices, especially where software interfaces with hardware.
Provide security input on high-level aspects of secure boot, firmware update integrity, and device identity mechanisms.
Partner with software, firmware, hardware, and systems teams to implement consistent, secure solutions.
Requirements
- 5+ years of experience in software engineering with a focus on security.
- Strong investigative, analytical problem-solving skills and attention to detail.
- Experience with secure architecture design and threat modeling for complex systems (including both web services and IoT/embedded devices).
- Software development and security expertise in both high-level languages (e.g., Python) and low-level languages (e.g., C, C++).
- Experience with security best practices for web applications (OWASP Top 10) and familiarity with embedded security concepts (e.g., secure boot, JTAG, UART).
- Proven ability in auditing code for security flaws across different technology stacks.
- Strong knowledge of security best practices, applied cryptography, and security frameworks.
- Strong communication skills, with the ability to discuss security with both software and hardware engineers.
- Ability to work collaboratively within a multi-disciplinary team environment.
Pay
Base Salary: $180,000 - $285,000 USD