Product Security Engineer

The Product Security Engineer conducts comprehensive security assessments on mobile applications, IoT hardware/firmware, compiled software, and browser extensions. The role involves identifying vulnerabilities, developing mitigation strategies, and collaborating with cross‑functional teams to enhance product security and manage third‑party risk.

Technical (70%)

• Conduct comprehensive security assessments of mobile applications, IoT hardware/firmware, compiled software, and browser extensions.
• Perform reverse engineering, vulnerability analysis, and penetration testing to uncover security risks.
• Analyze binary file formats (PE, ELF, Mach‑O) and runtime behaviors for security flaws.
• Review browser extensions and software plugins for security flaws and compliance with best practices.
• Perform product data analysis to identify potential vulnerabilities and determine access scope.

Operational (30%)

• Collaborate with cross‑functional teams (engineering, product, security) to enhance security measures and improve resilience against cyber threats.
• Develop and recommend mitigation strategies and risk profiles for identified vulnerabilities.
• Document findings and communicate security recommendations to technical and non‑technical audiences.
• Maintain organizational product inventory with security assessment status and secure configuration requirements.
• Produce and maintain security documentation such as bill‑of‑material repositories and analytical procedure guides.

• Bachelor’s of Science in Computer Science, Electrical Engineering, Cyber Security, or related field.
• 5–7 years of experience in software exploitation, reverse engineering, malware analysis, or related field.
• Proficient in debuggers, decompilers, and disassemblers for code analysis across CPU architectures, including ARM and RISC‑V.
• Strong understanding of binary file formats (PE, ELF, Mach‑O) and application security.
• Skilled in low‑level data extraction and analysis using QEMU, Verilog, and embedded system tools (Busy Box, binwalk, u‑boot).
• Experienced with network traffic capture and analysis using tcpdump and Scapy.
• Expertise in BOM enumeration and inventory/risk assessment using Cyclone
  
  DX.
• Strong analytical and problem‑solving skills with a keen eye for identifying and mitigating security risks.
• Excellent communication skills for documenting findings and providing security recommendations to diverse audiences.

• Prior experience in cybersecurity research or security assessment functions.
• Experience with application security testing and static/dynamic analysis tools.
• Knowledge of cryptographic principles and secure coding practices.
• Familiarity with security assessment frameworks and compliance standards.
• Experience with radio signal analysis and related security hardening methodologies.

• Adaptable – responds to change with a willingness to learn and a positive attitude.
• Innovative – develops, sponsors, or supports new and improved methods, products, or technologies.
• Analytical and Critical Thinking – tackles problems using a logical, systematic approach.
• Problem Solving – gathers and analyzes information to evaluate potential solutions to problems.
• Communication – conveys messages concisely in written, oral, and visual formats for clear understanding.
• Effective Execution – evaluates solutions by weighing accuracy and relevance of facts and data.

• Requires use of hands and arms to manipulate objects, tools, or controls.
• Requires talking, hearing, reading instructions on a computer monitor or printed materials.
• Occasional standing, kneeling or stooping, and lifting or moving up to 25 pounds.
• Requires viewing items at a close range and adjusting focus accordingly.
• Requires remaining in a stationary position for significant periods.

We are an Equal Opportunity Employer, including disability and veterans.