Embedded C++ Software Security Engineer
Cutting edge IoT Products developer is looking for an MVP to join their Embedded Software Security team.
Specifically, we are looking for an individual who is Security-minded, Loves connectivity of devices, has "Hands-on" and practical security knowledge, and is willing and able to adjust to changing priorities to serve the development of super-secure elements, reduce vulnerabilities, and enhance the 'systems development' of our INTERNATIONALLY RECOGNIZED BRAND of IoT devices.
Key Responsibilities:
- Conduct security lifecycle activities, such as threat modeling, secure code reviews, automated and manual security testing, and penetration testing, to identify risk and to provide actionable remediation plans
- Documenting, implementing and testing security features and bugfixes for new and legacy codebases
- Explaining threat models for new vulnerabilities
- Determining the impact of new security threats
- Provide guidance & support to teams to utilize security best practices and techniques in design, implementation, delivery, and support of products
- Coordinate security concerns with software teams across the company
Qualifications:
- 6 years in MODERN C++ (critical) in OOD and OOP [oriented design (OOD) and object oriented programming (OOP)] &
- 3+ years’ of experience in embedded software SPECIFICALLY in a security role.
- Use of embedded operating system (Linux-preferred, VxWorks, Nucleus, ThreadX, Integrity, etc.)
- Embedded and/or IoT systems, including ARM, TrustZone, messaging protocols, real-time operating systems, networking, RTOS, & watchdog timers.
- Strong hands-on experience designing, implementing, and testing software application coding vulnerabilities and proper analysis techniques
Ideal Experiences Include:
Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering or a related equivalent degree. MSCS or MSEE is strongly desirable.
- Understanding of security protocols (e.g., BLE link encryption, TLS, JWK)
- Knowledge of low level hardware-software interactions, such as storage in flash, RAM or cache, and data transport over SPI, i2c or UART
- Debuggers/analyzers and runtime analysis (valgrind, etc.)
- Systems Engineering, Secure Development Lifecycle, and/or DevOps / DevSecOps
- SELinux or similar secure operating system features experience
- Virtualization and containers
- Experience with PKI infrastructure and certificate management
- Experience with automated testing and auditing, coverage analysis tools, testing frameworks and fuzzing
Will do all authorized to work in USA, & C2C
Relocation to Greater Boston Area is a MUST,
(NO REMOTES) but onsite can be reduced to 2-3/week, with telecommute flexible options.
Please contact rswift@syrinx.com and apply to the role through this site.