Senior Product Security Engineer
Company: Aurora
Location: Mountain View
Posted on: June 20, 2022
|
|
Job Description:
Aurora's Product Security team's mission is to discover,
mitigate, and prevent security risks in the software, hardware, and
services developed by Aurora.
Our team is responsible for ensuring the secure design and
implementation of the technology built for the Aurora Driver as
well as continually improving the assurance levels of security
across all of Aurora's Products. This team is also responsible for
performing technical security assessments, threat modeling,
security code reviews and vulnerability testing to highlight risk
and help various engineering teams and partners to improve
security. We work closely with engineers across Aurora as well as
3rd party partners to design and proactively integrate initiatives
to enhance security across a wide variety of software or hardware
domains and technology stacks.
We are searching for an experienced Security Engineer who is
excited to ensure the highest level of security standards for
Aurora's products and focus on uncovering security vulnerabilities
to reduce risk for the autonomous vehicle platform to join us on
this mission.
Job level is negotiable based on experience. Remote work is
approved for US-based employees, including for post-pandemic.
In this role you will
* Perform technical security assessments and reviews, research,
uncover, and reproduce vulnerabilities, design secure protocols and
systems, and write tests and fuzzers to drive architecture
changes
* Assess the risks across the Aurora Driver Platform and prioritize
high value components (software and/or hardware) for critical and
high security vulnerabilities
* Comfort employing techniques including reverse engineering,
fuzzing, and static and/or dynamic analysis
* Conduct research to identify new and novel attack vectors against
Aurora's products and services
* Review, develop and document secure operational best practices,
and provide security guidance for engineers and various internal
and external partners
Required Qualifications
* Foundational knowledge of operating system security for Linux
* Foundational knowledge of the CWE Top 25
* Ability to assess software and/or hardware components with and
without full knowledge
* Ability to work well with other assessment members and
engineering partners
* Ability to communicate effectively with technical and
non-technical audiences
* Experience in one or more of the following: risk assessment,
threat modeling, incident and emergency response, OS hardening,
vulnerability management, pentesting, offensive security or
cryptographic protocols and concepts
* Experience in vulnerability discovery and analysis, design
review, and code-level security reviews
* Experience in, and technical knowledge of security engineering,
computer and network security, authentication and security
protocols, and applied cryptography.
* Experience with assessment, development, implementation, and
documentation of a comprehensive and broad set of security
technologies and processes
* Familiarity in Security Assurance / Secure-SDLC processes in an
agile / waterfall environment
* Experience building and evaluating threat models / risk
assessments
* Minimum 6 years of experience in a security-specific or
security-adjacent industry
Desirable
* Relevant work experience in offensive security, penetration
testing or red teaming
* Experience implementing various Defence in Depth Strategies to
address dynamic threats across various software and hardware
stacks.
* Ability and desire to write production-quality code in C++,
Golang, or Python
* Experience evaluating the security of software, hardware and
services
* Foundational knowledge of embedded firmware security and hardware
security, preferably in the robotics or automotive space
* Familiarity with cloud security (AWS) and
infrastructure-as-code
* Familiarity with Trusted Platform Modules, HSMs, and trusted
boot
* A history of giving back to the security industry via open source
contributions, published papers, or conference presentations
#LI-JL1
#Mid-Senior
Keywords: Aurora, Mountain View , Senior Product Security Engineer, Engineering , Mountain View, California
Click
here to apply!
|