Sr. Cloud & Mobile Security Engineer
iRobot · Bedford, MA · 2 days ago
Information Technology$107k–$153k/yrFull-time
What You Will Do
- Assess new cloud designs and mobile app feature changes for potential security vulnerabilities.
- Evaluate production and test builds of cloud services and mobile applications for adherence to security best practices.
- Develop guidelines for security of products based on industry standards.
- Triage reported vulnerabilities from the field across a spectrum of sources and determine impact, priority, and risk.
- Design and build secure cloud services that centralize critical security functionality.
- Implement test frameworks for automated security validation testing of cloud and mobile deployments.
- Work with the latest SAST/DAST tooling, AI-powered and traditional, to evaluate and report on flaws and vulnerabilities to the development teams.
- Ensure the components meet the regulatory needs of every market within which iRobot products are sold.
- Engage third-party and AI services for penetration testing, red team exercises, threat modeling, and more.
To Be Successful
- 7+ years designing, building, and deploying AWS-based managed service infrastructure, with at least 2 years as a security champion within a development team.
- Extensive knowledge and practical experience designing, building and deploying secure serverless, API-based services with a deep understanding of the standard callflow of managed service architecture: Gateway to Work Process to Storage to Access.
- Deep knowledge of authentication protocols and technologies, including IAM, SSO, OAuth 2.0, and RBAC.
- Experience building mobile apps for iOS and Android, with a deep understanding of the security best practices of each.
- Strong understanding of, and alignment with, OWASP standards and best practices, including the OWASP Top Ten lists.
- Strong understanding of AWS policy hierarchy, and practical knowledge of Organizations, SCPs, IAM, et al.
- Python and Node/JavaScript proficiency.
- Practical experience constructing architecture risk assessments and leveraging standard security tooling to build empirical evidence in support of those assessments.
PREFERRED
- Experience at a consumer product company.
Qualifications
- Applicants must be authorized to work for any employer in the U.S.
- We are unable to sponsor or assume sponsorship of any additional employment visas at this time.