Senior Product Security Engineer
Bose Corporation · Framingham, MA · 2 wk ago
HybridInformation Technology$143k–$196k/yrFull-time
Principal Duties And Responsibilities
- Architecting and designing products to guarantee secure practices, data confidentiality, system integrity
- Engineering and implementing ARM Trust Zone secure applets
- Implementing a cryptographic IoT device identity and root of trust
- Streamlining secrets, key management, cryptography, and credential management
- Defining Security requirements and conducting security assessments
- Architect and implement protections for intellectual property, including anti-reverse engineering, secure firmware distribution, and debug interface lockdown
- Ensuring compliance with applicable security regulations and standards (e.g., EU CRA, ETSI EN 303 645, NIST) and support audits and certifications
- Advising engineering peers on security matters in the form of architectural guidance, code/design reviews, and solution development
- Improving vulnerability discovery, patching process, and leading responses to external security threats
- Code independently with minimal oversight and design system architecture with guidance
- Collaborating with cross-functional teams like product firmware, devops, cloud engineering, manufacturing, and program management
- Performing security testing on products and supporting with the security fix implementations
- Designing and maintaining private X.509 and JWK chains of trust used for validating authenticity of portable audio devices
- Stay up-to-date on security news, relevant technologies, plug into user groups, understand trends and security opportunities
- Be a stakeholder on interdisciplinary teams advocating for security
Qualifications
- Experience developing for embedded systems and Linux platforms in C, C++
- Strong knowledge of cryptographic theory and engineering including encryption, hashing, signing, digital certificates and hardware security modules (HSMs)
- Building internal security applications with cryptographic guarantees such as firmware encryption and signing, custom developer enablement tools, secure asset provisioning, etc.
- Experience aligning embedded product security practices with regulatory and compliance requirements (EU CRA, NIST, ISO 27001, IEC 62443 or similar frameworks)
- Experience implementing IP protection and anti-tamper mechanisms in embedded systems, including secure boot enforcement, firmware encryption, and hardware debug port protection
- Experience mitigating dependency or code-level defects including memory-management issues, input validation, timing attacks, broken authentication, side channels
- Experience with computer networking with a focus on security and IOT applications
- Bachelor's degree in Computer Science, or equivalent
- A master’s degree is beneficial
- 6 or more years of industry experience working in firmware development with a focus on security
Pay
The hiring range for this position in the primary work location of Framingham, Massachusetts is: $142,600-$196,000.
Schedule
N/A
Benefits
N/A
Skills
N/A
Benefits
N/A
Cookie/Navigation/Equal Opportunity/Scam Warning Boilerplate
Folded