Sr. Staff Application Security Engineer
Company: Aurora Innovation
Location: Mountain View
Posted on: September 3, 2024
Job Description:
Aurora hires talented people with diverse backgrounds who are
ready to help build a transportation ecosystem that will make our
roads safer, get crucial goods where they need to go, and make
mobility more efficient and accessible for all. Aurora's Product
Security team's mission is to discover, mitigate, and prevent
security risks in the software, hardware, and services developed by
Aurora. Our team is responsible for ensuring the secure design and
implementation of the technology built for the Aurora Driver as
well as continually improving the assurance levels of security
across all of Aurora's Products. This team is also responsible for
performing technical security assessments, threat modeling,
security code reviews and vulnerability testing to highlight risk
and help various engineering teams and partners to improve
security. We work closely with engineers across Aurora as well as
3rd party partners to design and proactively integrate initiatives
to enhance security across a wide variety of software or hardware
domains and technology stacks. We are searching for an experienced
Security Engineer with strong application security experience that
is excited to lead and improve the overall application security
posture for the autonomous vehicle platform to join us on this
mission.
In this role, you will
- Perform secure design reviews and threat modeling. Identify and
prioritize risks, attack surfaces, and vulnerabilities
- Perform security code reviews of source code changes and advise
developers on remediating vulnerabilities and following secure
coding practices
- Perform technical security assessments and reviews, research,
uncover, and reproduce vulnerabilities, design secure protocols and
systems, and write tests and fuzzers to drive architecture
changes
- Manage the vulnerability management process and program through
triage, prioritization, tracking, remediation, and validation of
vulnerabilities from audits, scans and external reports
- Employ techniques including reverse engineering, fuzzing, and
static and/or dynamic analysis
- Conduct research to identify new and novel attack vectors
against Aurora's products and services
- Review, develop and document secure operational best practices,
and provide security guidance for engineers and various internal
and external partners
- Develop and manage a secure software development
lifecycle
- Develop and manage a bug bounty program
- Research, recommend, and develop security tools and
technologies to strengthen defenses against emerging threats and
vulnerabilities
- Work with Engineering teams and OEMs to ensure successful
security assurance of the Aurora Driver platform and
services
- Advocate, guide and mentor both security and non-security
engineers to instill security best practices. through secure
architecture, design, and development
Required Qualifications
- Foundational knowledge of operating system security for
Linux
- Foundational knowledge of the CWE Top 25
- Ability to assess software and/or hardware components with and
without full knowledge
- Ability to work well with other assessment members and
engineering partners
- Ability to communicate effectively with technical and
non-technical audiences
- Experience in one or more of the following: risk assessment,
threat modeling, incident and emergency response, OS hardening,
vulnerability management, pentesting, offensive security or
cryptographic protocols and concepts
- Experience in vulnerability discovery and analysis, design
review, and code-level security reviews
- Experience in, and technical knowledge of security engineering,
computer and network security, authentication and security
protocols, and applied cryptography
- Experience with assessment, development, implementation, and
documentation of a comprehensive and broad set of security
technologies and processes
- Familiarity with automotive protocols and security
standards
- Experience in Security Assurance / Secure-SDLC processes in an
agile / waterfall environment
- Experience building and evaluating threat models / risk
assessments
- Experience and ability to implement best practices related to
cryptographic protocols, infrastructure and network
security
- Minimum 8 years of experience in a security-specific or
security-adjacent industry
- Minimum 2 years of experience in the robotics or automotive
industry or equivalent
Desirable Qualifications
- Relevant work experience in offensive security, penetration
testing or red teaming
- Experience implementing various Defense in Depth Strategies to
address dynamic threats across various software and hardware
stacks
- Ability and desire to write production-quality code in C++,
Golang, or Python
- Experience evaluating the security of software, hardware and
services
- Foundational knowledge of embedded firmware security and
hardware security, preferably in the robotics or automotive
space
- Familiarity with cloud security (AWS) and
infrastructure-as-code
- Familiarity with Trusted Platform Modules, HSMs, and trusted
boot
- A history of giving back to the security industry via open
source contributions, published papers, or conference
presentations
The base salary range for this position is $254k-$407K per year.
Aurora's pay ranges are determined by role, level, and location.
Within the range, the successful candidate's starting base pay will
be determined based on factors including job-related skills,
experience, qualifications, relevant education or training, and
market conditions. These ranges may be modified in the future. The
successful candidate will also be eligible for an annual bonus,
equity compensation, and benefits.
#LI-SP1
#Mid-Senior
#J-18808-Ljbffr
Keywords: Aurora Innovation, Mountain View , Sr. Staff Application Security Engineer, Engineering , Mountain View, California
Didn't find what you're looking for? Search again!
Loading more jobs...