Lead and perform development of security test tooling that directly supports the team’s validation and verification efforts
Maintain and support several existing projects, improving overall code quality
Design and develop complex software infrastructure to support DevSecOps and automated regression analysis
Engage with other stakeholders in code reviews and audits
Research and stay up to date on new attack vectors, vulnerabilities, and exploitation techniques
Lead and participate in small to large-scale individual and matrix-based groups, initiatives, or mentoring others in technical/functional security areas
Lead and participate in technology security design reviews with the ability to efficiently communicate potential issues and risks
Qualifications:
Bachelor’s degree (or higher) in Electrical Engineering, Computer Engineering, Computer Science, Cybersecurity or related is strongly desired
Proficient in Python, JavaScript, C and C development
Experience with reverse engineering and binary analysis methods and tools (e.g. IDA Pro, Ghidra)
Knowledge of compiler concepts, compilation lifecycle and intermediate products
Knowledge and experience using static and dynamic binary analysis techniques
Ability to handle tasks with significant complexity under minimal supervision requiring a high degree of technical competence
Additional Valued Attributes:
Experience with core security concepts, embedded security best practices (e.g. secure boot, secure debug, secure storage, secure communications) and the secure development lifecycle activities
Experience working with React or Angular is a plus
Experience performing code audit or review efforts
Experience working or leading in Agile development workflow
Experience in designing, developing and debugging embedded security applications is a plus
Familiarity with Automotive and Industry standards and best practices such at ISO-SAE 21434, SAE J3101
Experience in security research, vulnerability generation
Knowledge or experience with binary symbolic analysis and fuzzing frameworks (e.g. angr, BAP, AFL)
Experience with vulnerability analysis using CVSS scoring and CWE types
Experience with vulnerability management process (from proof-of-concept to remediation)
As an Associate - Product Security Engineer within the Cybersecurity Technology Controls Organization, you serve as a seasoned member of a team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. Carry out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions in support of the firm\'s business objectives.