Embedded C++ Software Security Engineer
Cutting edge IoT Products developer is looking for an MVP to join their Embedded Software Security team.
Specifically, we are looking for an individual who is Security-minded, Loves connectivity of devices, has "Hands-on" and practical security knowledge, and is willing and able to adjust to changing priorities to serve the development of super-secure elements, reduce vulnerabilities, and enhance the 'systems development' of our INTERNATIONALLY RECOGNIZED BRAND of IoT devices.
 
Key Responsibilities:

• Conduct security lifecycle activities, such as threat modeling, secure code reviews, automated and manual security testing, and penetration testing, to identify risk and to provide actionable remediation plans
• Documenting, implementing and testing security features and bugfixes for new and legacy codebases
• Explaining threat models for new vulnerabilities
• Determining the impact of new security threats
• Provide guidance & support to teams to utilize security best practices and techniques in design, implementation, delivery, and support of products
• Coordinate security concerns with software teams across the company

Qualifications:

• 6 years in MODERN C++ (critical) in OOD and OOP [oriented design (OOD) and object oriented programming (OOP)] &
• 3+ years’ of experience in embedded software SPECIFICALLY in a security role.
• Use of embedded operating system (Linux-preferred, VxWorks, Nucleus, ThreadX, Integrity, etc.)
• Embedded and/or IoT systems, including ARM, TrustZone, messaging protocols, real-time operating systems, networking, RTOS, & watchdog timers.
• Strong hands-on experience designing, implementing, and testing software application coding vulnerabilities and proper analysis techniques

Ideal Experiences Include:
Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or a related equivalent degree. MSCS or MSEE is strongly desirable.

• Understanding of security protocols (e.g., BLE link encryption, TLS, JWK)
• Knowledge of low level hardware-software interactions, such as storage in flash, RAM or cache, and data transport over SPI, i2c or UART
• Debuggers/analyzers and runtime analysis (valgrind, etc.)
• Systems Engineering, Secure Development Lifecycle, and/or DevOps / DevSecOps
• SELinux or similar secure operating system features experience
• Virtualization and containers
• Experience with PKI infrastructure and certificate management
• Experience with automated testing and auditing, coverage analysis tools, testing frameworks and fuzzing

Will do all authorized to work in USA, & C2C
Relocation to Greater Boston Area is a MUST,
(NO REMOTES) but onsite can be reduced to 2-3/week, with telecommute flexible options.

Please contact rswift@syrinx.com and apply to the role through this site.